| author | 蒋维 <[email protected]> | 2021-04-13 15:00:41 +0800 |
|---|---|---|
| committer | 蒋维 <[email protected]> | 2021-04-13 15:00:41 +0800 |
| commit | 4c955b20cda4d6bec10edd900e56cd5b73a3b911 (patch) | |
| tree | 2cdbe8a1e909ac5e0da6cbf8d158a52ee3617c24 | |
| parent | 2478d9032bc9302f9f520608fda71dbe1162a8db (diff) | |
修订TSG2021.03版本,修改目录,修改图片
| -rw-r--r-- | Guide_Setup.tex | 43 | ||||
| -rw-r--r-- | TSG_Administrator's_Guide_Latest_EN.pdf | bin | 653579 -> 696216 bytes | |||
| -rw-r--r-- | TSG_Administrator's_Guide_Latest_EN.tex | 43 | ||||
| -rw-r--r-- | content/Advanced_Setting.tex | 9 | ||||
| -rw-r--r-- | content/Appendix_Best_Practices.tex | 45 | ||||
| -rw-r--r-- | content/Appendix_Built-in_Category.tex | 3 | ||||
| -rw-r--r-- | content/Appendix_Log_Fields_Description.tex | 85 | ||||
| -rw-r--r-- | content/Appendix_Predefined_Applications.tex | 3 | ||||
| -rw-r--r-- | content/Appendix_Predefined_Reports.tex | 12 | ||||
| -rw-r--r-- | content/Appendix_TSG_Packet_Flow.tex | 65 | ||||
| -rw-r--r-- | content/Decryption.tex | 66 | ||||
| -rw-r--r-- | content/Getting_Started.tex | 64 | ||||
| -rw-r--r-- | content/Monitoring.tex | 43 | ||||
| -rw-r--r-- | content/Objects.tex | 39 | ||||
| -rw-r--r-- | content/Policies.tex | 88 | ||||
| -rw-r--r-- | content/copypage.tex | 18 | ||||
| -rw-r--r-- | content/titlepage.tex | 18 | ||||
| -rw-r--r-- | images/pakcet_life_2020.pdf_tex | 25 |
18 files changed, 445 insertions, 224 deletions
diff --git a/Guide_Setup.tex b/Guide_Setup.tex index 3e2e9ff..1f16eb6 100644 --- a/Guide_Setup.tex +++ b/Guide_Setup.tex @@ -185,6 +185,16 @@ }{}% } +%\renewcommand\tableofcontents{% +% \addcontentsline{toc}{chapter}{DAFTAR ISI}\cleardoublepage\null\vspace{-12pt}\hfill\textbf{\large\contentsname}\hfill\null\par +% \@mkboth{\MakeUppercase\contentsname}{\MakeUppercase\contentsname}% +% \vspace{30pt} +% \@starttoc{toc}% +% } + + + + \lefoot[% > plain \ctfooterleftpagenumber% ]{% > srcheadings 
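Review bot: The added `\renewcommand\tableofcontents` block is committed entirely commented out, so it changes nothing at build time, and its hard-coded `DAFTAR ISI` title does not match this English guide. I would drop it, together with the four blank lines after it, rather than keep dead code in the setup file. The second hunk in this file does the same with the etoc lines and `\mtocshift`, and it leaves the comment `% Command to print a table of contents in the margin` with no command under it. If any chapter still calls `\margintoc`, the build will now stop on an undefined control sequence; whether one does is not visible here.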
@@ -218,38 +228,15 @@ \DeclareTOCStyleEntries[pagenumberwidth=2.1em]{tocline}{subsubsection,subsection,section} -\RequirePackage{etoc} % Required to insert local tables of contents -\usepackage{etoc} -\newcounter{margintocdepth} % Set the depth of the margintoc -\setcounter{margintocdepth}{\subsectiontocdepth} +%\RequirePackage{etoc} % Required to insert local tables of contents +%\usepackage{etoc} +%\newcounter{margintocdepth} % Set the depth of the margintoc +%\setcounter{margintocdepth}{\subsectiontocdepth} -\newlength{\mtocshift} % Length of the vertical offset used for margin tocs +%\newlength{\mtocshift} % Length of the vertical offset used for margin tocs %\setlength{\mtocshift}{-52\vscale} % Command to print a table of contents in the margin -\newcommand{\margintoc}[1][\mtocshift]{ % The first parameter is the vertical offset; by default it is \mtocshift - \begingroup% - % Set the style for section entries - \etocsetstyle{section}% - {\parindent -5pt \parskip 3pt}% - {\leftskip 20pt \rightskip 12pt} % - {\hspace{0.01cm}\llap{\etocnumber\hspace{0.1cm}}\etocname\nobreak\leaders\hbox{\hbox to 1.5ex {\hss.\hss}}\hfill\makebox[-0.1cm][l]{\etocpage}\par}% - {}% - % Set the style for subsection entries - \etocsetstyle{subsection}% - {\parindent -5pt \parskip 0pt}% - {\leftskip 20pt \rightskip 12pt}% - {\hspace{0.01cm}\llap{\hspace{0.1cm}}\etocname\nobreak\leaders\hbox{\hbox to 1.5ex {\hss.\hss}}\hfill\makebox[-0.1cm][l]{\etocpage}\par}% - {}% - % Set the global style of the toc - %\etocsettocstyle{}{} - %\etocsettocstyle{\normalfont\sffamily\normalsize}{} - \etocsettocstyle{\usekomafont{section}\small}{}% - \etocsetnexttocdepth{\themargintocdepth}% - % Print the table of contents in the margin - \marginnote[#1]{\localtableofcontents}% - \endgroup% -} %\usepackage[backend=bibtex]{biblatex} %\bibliography{bib-refs.bib} %\usepackage[backend = biber, style = nwsuafref, utf8, sorting = centy]{biblatex} 
diff --git a/TSG_Administrator's_Guide_Latest_EN.pdf b/TSG_Administrator's_Guide_Latest_EN.pdf Binary files differindex b1c5afd..fda0ded 100644 --- a/TSG_Administrator's_Guide_Latest_EN.pdf +++ b/TSG_Administrator's_Guide_Latest_EN.pdf diff --git a/TSG_Administrator's_Guide_Latest_EN.tex b/TSG_Administrator's_Guide_Latest_EN.tex index e47eafe..86b34b9 100644 --- a/TSG_Administrator's_Guide_Latest_EN.tex +++ b/TSG_Administrator's_Guide_Latest_EN.tex @@ -16,6 +16,7 @@ chapterprefix=false, % do not display a prefix for chapters appendixprefix=false, % but display a prefix for appendix chapter draft=false, % value for draft version + toctree_only=True, ]{scrreprt}% 
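Review bot: `toctree_only=True,` in the `\documentclass[...]{scrreprt}` option list does not look like a KOMA-Script class option. The name matches a setting of the Sphinx LaTeX builder, which is configured on the Python side and would have no effect here. If that is right, LaTeX will only report an unused or unknown option and the table of contents is unaffected, so the line should be removed. The option list starts above the hunk, so I cannot see whether some other package is meant to pick it up.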
@@ -48,34 +49,41 @@ %\renewcaptionname{ngerman}{\tablename}{Tab.} \renewcaptionname{english}{\figurename}{Fig.} \renewcaptionname{english}{\tablename}{Tab.} - +%\clearpage % > rename the title of the LOL, i.e. list of listings (default is "Listings") %\renewcommand*{\lstlistlistingname}{List of Listings} - % -------------------------- % Front matter % -------------------------- \pagestyle{empty} % no header or footers \input{content/titlepage} % INCLUDE: all titlepages -\clearpage -% +\cleardoublepage + + +\begingroup % Local scope for the following commands +%\addtocontents{toc}{\protect\newpage} +%\addtocontents{toc}{\protect\needspace{2\baselineskip}} +%{\cfttoctitlefont \contentsname}{\cftaftertoctitle}\par +%\renewcommand{\cftaftertoctitle}{% +%\\[\baselineskip]\mbox{}\hfill{\normalfont Page}} +%\setlength{\cftaftertoctitleskip}{30mm} % +%\addtolength{\belowcaptionskip}{10mm} +%\setlength{\cftbeforechapskip}{30mm} +\currentpdfbookmark{\contentsname}{toc} \pagenumbering{roman} \setcounter{page}{1} -\currentpdfbookmark{\contentsname}{toc} -\begingroup % Local scope for the following commands +\pagestyle{plain} % header and footer style + % Define the style for the TOC, LOF, and LOT %\setstretch{1} % Uncomment to modify line spacing in the ToC %\hypersetup{linkcolor=blue} % Uncomment to set the colour of links in the ToC %\setlength{\textheight}{230\vscale} % Manually adjust the height of the ToC pages +%\renewcommand{\cfttoctitlefont}{\hfill\Large\bfseries} +%\renewcommand{\cftaftertoctitle}{\hfill} +\tableofcontents % display table of contents 为了生成目录,请先执行生成 xelatex,在build整个解决方案;或者生成2次及以上可达到同样效果(因为latex structure toc file生成速度慢的原因 )。 -% Turn on compatibility mode for the etoc package -%\etocstandarddisplaystyle % "toc display" as if etoc was not loaded -%\etocstandardlines % "toc lines as if etoc was not loaded - - -\tableofcontents % display table of contents - + \endgroup \cleardoublepage 
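Review bot: `\pagestyle{plain}` now sits inside the `\begingroup … \endgroup` pair, while the `\cleardoublepage` that ships the last contents page comes after `\endgroup`. With the standard definition of `\pagestyle` the setting is local to the group, so that last page would fall back to the `empty` style set for the title page and lose its roman page number. I have not checked whether the page-style package loaded in `Guide_Setup.tex` makes the switch global. Moving the page break inside the group avoids the question: `\tableofcontents`, then `\cleardoublepage`, then `\endgroup`. The build note that follows `% display table of contents` must stay on that comment line or get its own `%`, otherwise it is typeset into the guide.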
@@ -83,7 +91,7 @@ % Body matter % -------------------------- \pagenumbering{arabic} % arabic page numbering -\setcounter{page}{7} % set page counter +\setcounter{page}{1} % set page counter \pagestyle{scrheadings} % header and footer style %% Uncomment the following lines using the \part command @@ -137,6 +145,13 @@ %\begin{thebibliography}{widest-label} %\end{thebibliography} +% -------------------------- +% Copy matter +% -------------------------- +\pagestyle{empty} % no header or footers +\input{content/copypage} % INCLUDE: all titlepages +\cleardoublepage + % ************************************************** % End of Document CONTENT % ************************************************** diff --git a/content/Advanced_Setting.tex b/content/Advanced_Setting.tex index 8c9d0e1..c5d6dd8 100644 --- a/content/Advanced_Setting.tex +++ b/content/Advanced_Setting.tex @@ -1,7 +1,8 @@ % !TEX root = ../TSG_Administrator's_Guide_Latest_EN.tex % -\pdfbookmark[0]{Advanced Setting}{Advanced Setting} +%\pdfbookmark[0]{Advanced Setting}{Advanced Setting} \chapter*{\hypertarget{link:Advanced Setting}{Advanced Setting}} +\addcontentsline{toc}{chapter}{Advanced Setting} \label{sec:setting} This section contains information about configuring TSG advanced features, including: 
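Review bot: In `content/Advanced_Setting.tex` the pair `\chapter*{...}` plus `\addcontentsline{toc}{chapter}{Advanced Setting}` repeats the title by hand, and the same pair is added in every other `content/*.tex` file touched by this commit. Since the class is `scrreprt`, KOMA-Script's `\addchap` and `\addsec` give an unnumbered heading and its contents entry in one call, e.g. `\addchap[Advanced Setting]{\hypertarget{link:Advanced Setting}{Advanced Setting}}`, which keeps the entry and the heading from drifting apart. There is no such shortcut below section level, so the `\subsection*` headings would keep `\addcontentsline`. The commented-out `%\pdfbookmark` lines can then be deleted rather than kept.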
@@ -13,8 +14,9 @@ This section contains information about configuring TSG advanced features, inclu } \clearpage -\pdfbookmark[1]{Proxy TCP Options}{Proxy TCP Options} +%\pdfbookmark[1]{Proxy TCP Options}{Proxy TCP Options} \section*{\hypertarget{link:Proxy TCP Options}{Proxy TCP Options}} +\addcontentsline{toc}{section}{Proxy TCP Options} \label{sec:setting:tcp} TSG provides TCP default option which keeps the Enable TCP Passthrough and Bypass Duplicated Packet off. However, you can Create your own Proxy TCP Options for special situations. Under certain boundary conditions of network transmission, some network parameters need to be renegotiated during network transmission, such as MTU. The network equipment will renegotiate network parameters through some mechanisms, and the negotiation process may not under precise monitor of TSG. And it may affect related policies. In this case, the affected network parameters need to be preset through the PROXY TCP OPTION. @@ -46,8 +48,9 @@ TSG provides TCP default option which keeps the Enable TCP Passthrough and Bypas You can \textbf{Edit} or \textbf{Delete} your customized Proxy TCP Options. -\pdfbookmark[1]{System Usage}{System Usage} +%\pdfbookmark[1]{System Usage}{System Usage} \section*{\hypertarget{link:System Usage}{System Usage}} +\addcontentsline{toc}{section}{System Usage} \label{sec:setting:usage} System usage displays policy and object usage in bar chart and also shows storage usage of files, traffic logs, reports and metrics. Files are unstructured logs carried by session records and will store at least one month by default. Traffic Logs include all four types of logs and will also store at least one month by default. Reports and Metrics are the predefined or customized data aggregated based on multiple dimensions and will store at least one year by default. diff --git a/content/Appendix_Best_Practices.tex b/content/Appendix_Best_Practices.tex index df194bd..b1a33b4 100644 --- a/content/Appendix_Best_Practices.tex 
+++ b/content/Appendix_Best_Practices.tex @@ -1,11 +1,13 @@ % !TEX root = ../TSG_Administrator's_Guide_Latest_EN.tex % -\pdfbookmark[0]{Appendix F Best Practices}{Appendix F Best Practices} +%\pdfbookmark[0]{Appendix F Best Practices}{Appendix F Best Practices} \chapter*{\hypertarget{link:Appendix F Best Practices}{Appendix F Best Practices}} +\addcontentsline{toc}{chapter}{Appendix F Best Practices} \label{sec:appendix_f} -\pdfbookmark[1]{Security Policy}{Appendix Security Policy} +%\pdfbookmark[1]{Security Policy}{Appendix Security Policy} \section*{\hypertarget{link:Appendix Security Policy}{Security Policy}} +\addcontentsline{toc}{section}{Security Policy} \label{sec:appendix_f:policy} To improve your overall security posture, use the guidelines in this section to plan, deploy, and maintain your internet gateway best practices security policy. Apply security best practices to gain visibility into traffic, prevent threats, and protect your network, users, and data. @@ -51,8 +53,9 @@ To improve your overall security posture, use the guidelines in this section to \end{enumerate} \end{description} -\pdfbookmark[1]{Proxy Policy}{Appendix Proxy Policy} +%\pdfbookmark[1]{Proxy Policy}{Appendix Proxy Policy} \section*{\hypertarget{link:Appendix Proxy Policy}{Proxy Policy}} +\addcontentsline{toc}{section}{Proxy Policy} \label{sec:appendix_f:proxy} The growth in SSL/TLS encrypted traffic traversing the internet is on an explosive upturn. We are going to take five use case to demonstrate proxy policy best practices. 
@@ -151,8 +154,9 @@ The growth in SSL/TLS encrypted traffic traversing the internet is on an explosi \notemark\textit{The Watch feature only support policy and object. You can add them to your watch list. Select the checkbox for objects and policies in the list and Click \textbf{Watch} at the bottom to add to Watch List. And then you can click the star icon in the bottom right and select Object/Policy tab to view the Watch List. You can search objects and policies by ID and Name in the list. For policy, you can check policy in the list and enable or disable it. You can also export and clear the list.} -\pdfbookmark[1]{Custom Application}{Custom Application} +%\pdfbookmark[1]{Custom Application}{Custom Application} \section*{\hypertarget{link:Custom Application}{Custom Application}} +\addcontentsline{toc}{section}{Custom Application} \label{sec:appendix_f:application} A policy object consists of one item or a set of collective items that groups discrete identities such as IP addresses, URLs, applications, or accounts. The relationship between each item is “or”. However, for keyword, within each item, there can be “and” expression and the item can have up to 4 substrings. You can reference the object in policy as conditions. The relationship between each condition within policy is “and”. There can be eight conditions at most for every policy. 
@@ -239,14 +243,16 @@ Other Attributes general.s2c\_session\_size & Session & 2 & string \\ \hline \end{longtable} -\pdfbookmark[1]{Make Your Own Reports}{Make Your Own Reports} +%\pdfbookmark[1]{Make Your Own Reports}{Make Your Own Reports} \section*{\hypertarget{link:Make Your Own Reports}{Make Your Own Reports}} +\addcontentsline{toc}{section}{Make Your Own Reports} \label{sec:appendix_f:report} The following guides you to set a report with one type of chart. Of course, you can create a report with all types of charts by TSG function \textbf{Reports}. -\pdfbookmark[2]{The 1st: Bar}{The 1st: Bar} +%\pdfbookmark[2]{The 1st: Bar}{The 1st: Bar} \subsection*{\hypertarget{link:The 1st: Bar}{The 1$^{st}$: Bar}} +\addcontentsline{toc}{subsection}{The 1$^{st}$: Bar} \label{sec:appendix_f:report:bar} Create a Bar Report. For example, make a report about the top 10 server IP that our security policy matched last week and the sum of bytes sent and bytes received from that server IP. @@ -279,8 +285,9 @@ Create a Bar Report. For example, make a report about the top 10 server IP that \end{enumerate} \end{description} -\pdfbookmark[2]{The 2nd: Line}{The 2nd: Line} +%\pdfbookmark[2]{The 2nd: Line}{The 2nd: Line} \subsection*{\hypertarget{link:The 2nd: Line}{The 2$^{nd}$: Line}} +\addcontentsline{toc}{subsection}{The 2$^{nd}$: Line} \label{sec:appendix_f:report:line} Create a Line Report. For example, make a report about the security event sessions count previous day. 
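Review bot: `\addcontentsline{toc}{subsection}{The 1$^{st}$: Bar}` puts math-mode markup into a contents entry, where the removed `\pdfbookmark[2]{The 1st: Bar}` used plain text. If hyperref now builds the PDF bookmarks from the contents entries, which is its default, the superscript cannot be represented in the bookmark string and hyperref will warn and drop tokens. Wrapping the ordinal keeps both outputs clean: `\addcontentsline{toc}{subsection}{The \texorpdfstring{1$^{st}$}{1st}: Bar}`. The same applies to the 2nd through 10th report subsections in the later hunks of this file.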
@@ -312,8 +319,9 @@ Create a Line Report. For example, make a report about the security event sessio \end{enumerate} \end{description} -\pdfbookmark[2]{The 3rd: Drilldown}{The 3rd: Drilldown} +%\pdfbookmark[2]{The 3rd: Drilldown}{The 3rd: Drilldown} \subsection*{\hypertarget{link:The 3rd: Drilldown}{The 3$^{rd}$: Drilldown}} +\addcontentsline{toc}{subsection}{The 3$^{rd}$: Drilldown} \label{sec:appendix_f:report:drilldown} Create a Drilldown Report. For example, make a report about the session count for top 100 Http.Domain, Drilldown on Subscriber ID and show Drilldown top 5 that our security policy matched last week. @@ -350,8 +358,9 @@ Create a Drilldown Report. For example, make a report about the session count fo \end{enumerate} \end{description} -\pdfbookmark[2]{The 4th: Double-lines}{The 4th: Double-lines} +%\pdfbookmark[2]{The 4th: Double-lines}{The 4th: Double-lines} \subsection*{\hypertarget{link:The 4th: Double-lines}{The 4$^{th}$: Double-lines}} +\addcontentsline{toc}{subsection}{The 4$^{th}$: Double-lines} \label{sec:appendix_f:report:double-lines} Create a top N Line Report. For example, make a report about the session count group by Http.Domain (top 5) every day that our security policy matched in the last month. @@ -384,8 +393,9 @@ Create a top N Line Report. For example, make a report about the session count g \end{enumerate} \end{description} -\pdfbookmark[2]{The 5th: Area}{The 5th: Area} +%\pdfbookmark[2]{The 5th: Area}{The 5th: Area} \subsection*{\hypertarget{link:The 5th: Area}{The 5$^{th}$: Area}} +\addcontentsline{toc}{subsection}{The 5$^{th}$: Area} \label{sec:appendix_f:report:area} Create an Area Report. For example, make a report about the sum of bytes Sent and bytes Received and the sum of Packets Sent and Packets Received every day that our security policy matched in last month. 
@@ -417,8 +427,9 @@ Create an Area Report. For example, make a report about the sum of bytes Sent an \end{enumerate} \end{description} -\pdfbookmark[2]{The 6th: Network Behavior Analysis for Specific User }{The 6th: Network Behavior Analysis for Specific User } +%\pdfbookmark[2]{The 6th: Network Behavior Analysis for Specific User }{The 6th: Network Behavior Analysis for Specific User } \subsection*{\hypertarget{link:The 6th: Network Behavior Analysis for Specific User }{The 6$^{th}$: Network Behavior Analysis for Specific User }} +\addcontentsline{toc}{subsection}{The 6$^{th}$: Network Behavior Analysis for Specific User} \label{sec:appendix_f:report:6th} Create a report to analyze network behavior of specific user, such as specific IP address or Subscriber ID. For example, create a report for Internal IP 192.168.50.2. It will include 9 charts and tables, that display traffic trend, top access domain and top access URLs based on sessions. @@ -553,8 +564,9 @@ Create a report to analyze network behavior of specific user, such as specific I \end{enumerate} \end{description} -\pdfbookmark[2]{The 7th: Website Access Analysis for Specific Domain}{The 7th: Website Access Analysis for Specific Domain} +%\pdfbookmark[2]{The 7th: Website Access Analysis for Specific Domain}{The 7th: Website Access Analysis for Specific Domain} \subsection*{\hypertarget{link:The 7th: Website Access Analysis for Specific Domain}{The 7$^{th}$: Website Access Analysis for Specific Domain}} +\addcontentsline{toc}{subsection}{The 7$^{th}$: Website Access Analysis for Specific Domain} \label{sec:appendix_f:report:7th} Create a report to analyze website access of specific domain, such as google.com. For example, create a custom report to analyze security events which hit google.com. It will include 5 charts and tables, that display traffic trend based on bandwidth and client IP number, security event action hit sessions trend and and top Server IP based on sessions. 
@@ -641,8 +653,9 @@ Create a report to analyze website access of specific domain, such as google.com \end{enumerate} \end{description} -\pdfbookmark[2]{The 8th: Endpoints Access Analysis for Specific City}{The 8th: Endpoints Access Analysis for Specific City} +%\pdfbookmark[2]{The 8th: Endpoints Access Analysis for Specific City}{The 8th: Endpoints Access Analysis for Specific City} \subsection*{\hypertarget{link:The 8th: Endpoints Access Analysis for Specific City}{The 8$^{th}$: Endpoints Access Analysis for Specific City}} +\addcontentsline{toc}{subsection}{The 8$^{th}$: Endpoints Access Analysis for Specific City} \label{sec:appendix_f:report:8th} Customize a report to analyze endpoints access of specific Data Center. For example, create a report to analyze session records about endpoints information in specific Data Center. It will include 2 charts and tables, that display number of Unique External IP, Internal IP and Subscriber ID trend based on bandwidth and show Unique client IP number and Unique Subscriber ID number of Top 100 domains. 
@@ -706,8 +719,9 @@ Customize a report to analyze endpoints access of specific Data Center. For exam \end{enumerate} \end{description} -\pdfbookmark[2]{The 9th: Endpoints Details Analysis for Intercept Action }{The 9th: Endpoints Details Analysis for Intercept Action } +%\pdfbookmark[2]{The 9th: Endpoints Details Analysis for Intercept Action }{The 9th: Endpoints Details Analysis for Intercept Action } \subsection*{\hypertarget{link:The 9th: Endpoints Details Analysis for Intercept Action }{The 9$^{th}$: Endpoints Details Analysis for Intercept Action }} +\addcontentsline{toc}{subsection}{The 9$^{th}$: Endpoints Details Analysis for Intercept Action} \label{sec:appendix_f:report:9th} Customize a report to analyze endpoints details of intercept action. For example, create a report to analyze Security Event Logs about multiple dimensional endpoints information. It will include 8 charts and tables, that display endpoints statistics details, including Top Client IP, Server IP, Internal IP, External IP (by Sessions with Bandwidth), Top Domain Distribution (by Sessions with Bandwidth), Top Domain Drilldown Internal IP (by Sessions), Top Domain Drilldown Server IP (by Bandwidth), Top Subscriber ID Drilldown Domain (by Sessions). With the help of this example, you can have a better understanding of the meaning of Drilldown table and bar charts and how to create them. 
@@ -871,8 +885,9 @@ Customize a report to analyze endpoints details of intercept action. For example \end{enumerate} \end{description} -\pdfbookmark[2]{The 10th: Traffic QoS Analysis for Specific Data Center }{The 10th: Traffic QoS Analysis for Specific Data Center } +%\pdfbookmark[2]{The 10th: Traffic QoS Analysis for Specific Data Center }{The 10th: Traffic QoS Analysis for Specific Data Center } \subsection*{\hypertarget{link:The 10th: Traffic QoS Analysis for Specific Data Center }{The 10$^{th}$: Traffic QoS Analysis for Specific Data Center }} +\addcontentsline{toc}{subsection}{The 10$^{th}$: Traffic QoS Analysis for Specific Data Center} \label{sec:appendix_f:report:10th} Customize a report to diagnose traffic statistics for specific data center. For example, create a report to analyze traffic QoS for Data Center DC2. It will include 4 charts and tables, that display network traffic QoS, including Estimated One-sided Connections, Internal IP at Top ADC Bandwidth Tend, SSL Certificate Installation Unique Client IP Trend and Top Internal IP Drill down Sled IP (by Sessions). diff --git a/content/Appendix_Built-in_Category.tex b/content/Appendix_Built-in_Category.tex index 4b89796..4fc1e9e 100644 --- a/content/Appendix_Built-in_Category.tex +++ b/content/Appendix_Built-in_Category.tex @@ -1,7 +1,8 @@ % !TEX root = ../TSG_Administrator's_Guide_Latest_EN.tex % -\pdfbookmark[0]{Appendix A Built-in Category}{Appendix A Built-in Category} +%\pdfbookmark[0]{Appendix A Built-in Category}{Appendix A Built-in Category} \chapter*{\hypertarget{link:Appendix A Built-in Category}{Appendix A Built-in Category}} +\addcontentsline{toc}{chapter}{Appendix A Built-in Category} \label{sec:appendix_a} Built-in Category diff --git a/content/Appendix_Log_Fields_Description.tex b/content/Appendix_Log_Fields_Description.tex index 2f80e30..6409220 100644 --- a/content/Appendix_Log_Fields_Description.tex +++ b/content/Appendix_Log_Fields_Description.tex 
@@ -1,15 +1,17 @@ % !TEX root = ../TSG_Administrator's_Guide_Latest_EN.tex % -\pdfbookmark[0]{Appendix C Log Fields Description}{Appendix C Log Fields Description} +%\pdfbookmark[0]{Appendix C Log Fields Description}{Appendix C Log Fields Description} \chapter*{\hypertarget{link:Appendix C Log Fields Description}{Appendix C Log Fields Description}} +\addcontentsline{toc}{chapter}{Appendix C Log Fields Description} \label{sec:appendix_c} \notemark\textit{The column with * is the default display column after logging in to the system for the first time. Once the user has made the configuration, the configuration will be saved in the browser's local data. The next time the user logs in to the system through the same machine and the same browser, it will display columns that the user has previously configured. The fields with bold font are the Log Fields used when creating reports.} -\pdfbookmark[1]{Log Type}{Log Type} +%\pdfbookmark[1]{Log Type}{Log Type} \section*{\hypertarget{link:Log Type}{Log Type}} +\addcontentsline{toc}{section}{Log Type} \label{sec:appendix_c:logtype} \begin{longtable}{p{0.31\textwidth}|p{0.63\textwidth}} @@ -20,8 +22,9 @@ it will display columns that the user has previously configured. The fields with Radius Logs & Base and Radius \\\hline \end{longtable} -\pdfbookmark[1]{Base}{Base} +%\pdfbookmark[1]{Base}{Base} \section*{\hypertarget{link:Base}{Base}} +\addcontentsline{toc}{section}{Base} \label{sec:appendix_c:base} \begin{longtable}{p{0.34\textwidth}|p{0.58\textwidth}} 
@@ -114,15 +117,21 @@ it will display columns that the user has previously configured. The fields with Sequence Gap Loss(c2s) & Number of TCP gap loss packets in client-to-server direction of the session \\\hline Sequence Gap Loss(s2c) & Number of TCP gap loss packets in server-to-client direction of the session \\\hline Unorder Packets(c2s) & Number of TCP out of order packets in client-to-server direction of the session \\\hline - Unorder Packets(s2c) & Number of TCP out of order packets in server-to-client direction of the session \\\hline + Unorder Packets(s2c) & Number of TCP out of order packets in server-to-client direction of the session \\\hline + TCP Client ISN & TCP uses a three-way handshake to establish a reliable connection. The connection is full duplex, and both sides synchronize (SYN) and acknowledge (ACK) each other. + The client chooses an initial sequence number, set in the first SYN packet. Initial sequence numbers (ISN) refers to the unique 32-bit sequence number assigned to each new connection + on a TCP-based data communication. An ISN is unique to each connection and separated by each device. Now use a random number in ISN selection process to defeat malicious attacks. \\\hline + TCP Server ISN & The server also chooses its own initial sequence number, set in the SYN/ACK packet. Each side acknowledges each other's sequence number by incrementing it. \\\hline \end{longtable} -\pdfbookmark[1]{Log Fields per Protocol}{Log Fields per Protocol} +%\pdfbookmark[1]{Log Fields per Protocol}{Log Fields per Protocol} \section*{\hypertarget{link:Log Fields per Protocol}{Log Fields per Protocol}} +\addcontentsline{toc}{section}{Log Fields per Protocol} \label{sec:appendix_c:protocol} -\pdfbookmark[2]{HTTP}{HTTP} +%\pdfbookmark[2]{HTTP}{HTTP} \subsection*{\hypertarget{link:HTTP}{HTTP}} +\addcontentsline{toc}{subsection}{HTTP} \label{sec:appendix_c:protocol:HTTP} \begin{longtable}{p{0.33\textwidth}|p{0.61\textwidth}} 
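Review bot: The new `TCP Client ISN` row explains the TCP handshake in general but never says what the logged value is. Two of its sentences are also hard to parse: "An ISN is unique to each connection and separated by each device. Now use a random number in ISN selection process to defeat malicious attacks." I would state the field first, e.g. `Initial sequence number (32-bit) chosen by the client and carried in its first SYN packet.` The security reason should then be given precisely, e.g. `Modern TCP stacks randomize the ISN so that an off-path party cannot predict sequence numbers and inject or reset segments.` The `TCP Server ISN` row has the same gap, and "by incrementing it" could say that the acknowledgment number is the peer's ISN plus one.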
@@ -151,8 +160,9 @@ it will display columns that the user has previously configured. The fields with Http.Session Duration(ms) & Duration time of current HTTP session \\\hline \end{longtable} -\pdfbookmark[2]{MAIL}{MAIL} +%\pdfbookmark[2]{MAIL}{MAIL} \subsection*{\hypertarget{link:MAIL}{MAIL}} +\addcontentsline{toc}{subsection}{MAIL} \label{sec:appendix_c:protocol:MAIL} \begin{longtable}{p{0.26\textwidth}|p{0.68\textwidth}} @@ -170,8 +180,9 @@ it will display columns that the user has previously configured. The fields with Mail.EML File & EML file download link of current mail session \\\hline \end{longtable} -\pdfbookmark[2]{DNS}{DNS} +%\pdfbookmark[2]{DNS}{DNS} \subsection*{\hypertarget{link:DNS}{DNS}} +\addcontentsline{toc}{subsection}{DNS} \label{sec:appendix_c:protocol:DNS} \begin{longtable}{p{0.29\textwidth}|p{0.65\textwidth}} @@ -196,8 +207,9 @@ it will display columns that the user has previously configured. The fields with Dns.RR & Resource records of current DNS session \\\hline \end{longtable} -\pdfbookmark[2]{SSL}{SSL} +%\pdfbookmark[2]{SSL}{SSL} \subsection*{\hypertarget{link:SSL}{SSL}} +\addcontentsline{toc}{subsection}{SSL} \label{sec:appendix_c:protocol:SSL} \begin{longtable}{p{0.3\textwidth}|p{0.64\textwidth}} @@ -246,8 +258,9 @@ it will display columns that the user has previously configured. The fields with SSL.JA3 hash & JA3 Fingerprint is hashed with MD5 \\\hline \end{longtable} -\pdfbookmark[2]{QUIC}{QUIC} +%\pdfbookmark[2]{QUIC}{QUIC} \subsection*{\hypertarget{link:QUIC}{QUIC}} +\addcontentsline{toc}{subsection}{QUIC} \label{sec:appendix_c:protocol:QUIC} \begin{longtable}{p{0.31\textwidth}|p{0.63\textwidth}} 
@@ -257,8 +270,9 @@ it will display columns that the user has previously configured. The fields with Quic.User Agent & User Agent of current QUIC session \\\hline \end{longtable} -\pdfbookmark[2]{DoH}{DoH} +%\pdfbookmark[2]{DoH}{DoH} \subsection*{\hypertarget{link:DoH}{DoH}} +\addcontentsline{toc}{subsection}{DoH} \label{sec:appendix_c:protocol:DoH} \begin{longtable}{p{0.23\textwidth}|p{0.71\textwidth}} @@ -289,8 +303,9 @@ it will display columns that the user has previously configured. The fields with DoH.RR & Resource records of current DoH session \\\hline \end{longtable} -\pdfbookmark[2]{FTP}{FTP} +%\pdfbookmark[2]{FTP}{FTP} \subsection*{\hypertarget{link:FTP}{FTP}} +\addcontentsline{toc}{subsection}{FTP} \label{sec:appendix_c:protocol:FTP} \begin{longtable}{p{0.3\textwidth}|p{0.64\textwidth}} 
@@ -300,8 +315,49 @@ it will display columns that the user has previously configured. The fields with Ftp.Content & File content of current ftp session \\\hline \end{longtable} -\pdfbookmark[2]{RADIUS}{RADIUS} +%\pdfbookmark[2]{SIP}{SIP} +\subsection*{\hypertarget{link:SIP}{SIP}} +\addcontentsline{toc}{subsection}{SIP} +\label{sec:appendix_c:protocol:SIP} + +\begin{longtable}{p{0.33\textwidth}|p{0.61\textwidth}} + \rowcolor{black}\multicolumn{1}{l!\vlinewhite}{\textcolor{white}{Field}} & \textcolor{white}{Description} \\\hline + SIP.Call-ID & Call identifier of current SIP session \\\hline + SIP.Originator & Originator description of current session \\\hline + SIP.Responder & Responder description of current session \\\hline + SIP.User-Agent & A user agent is a logical network endpoint that sends or receives SIP messages and manages SIP sessions. \\\hline + SIP.Server & A network server with UAC and UAS components \\\hline + SIP.Originator IP & IP address of the originator \\\hline + SIP.Originator Port & Port of the originator \\\hline + SIP.Originator Media Type & The media type of the originator \\\hline + SIP.Originator Content & The content information of the originator, using Session Description Protocol(SDP) \\\hline + SIP.Responder IP & IP address of the responder \\\hline + SIP.Responder Port & Port of the responder \\\hline + SIP.Responder Media Type & The media type of the responder \\\hline + SIP.Responder Content & The content information of the responder using Session Description Protocol(SDP) \\\hline + SIP.Duration & Duration time of current SIP session \\\hline + SIP.Bye & Signal termination of a dialog and end a call. This message may be sent by either endpoint of a dialog. 
\\\hline +\end{longtable} + +%\pdfbookmark[2]{RTP}{RTP} +\subsection*{\hypertarget{link:RTP}{RTP}} +\addcontentsline{toc}{subsection}{RTP} +\label{sec:appendix_c:protocol:RTP} + +\begin{longtable}{p{0.27\textwidth}|p{0.67\textwidth}} + \rowcolor{black}\multicolumn{1}{l!\vlinewhite}{\textcolor{white}{Field}} & \textcolor{white}{Description} \\\hline + RTP.Payload(c2s) & Payload type encodings sequence number of c2s \\\hline + RTP.Payload(s2c) & Payload type encodings sequence number of s2c \\\hline + RTP.PCAP & Packet capture path; there are maybe two paths for asymmetric traffic. \\\hline + RTP.Direction & {\tabincell{l}{Originator direction. \\ + 0: unknown \\ + 1: c2s \\ + 2: s2c }} \\\hline +\end{longtable} + +%\pdfbookmark[2]{RADIUS}{RADIUS} \subsection*{\hypertarget{link:RADIUS}{RADIUS}} +\addcontentsline{toc}{subsection}{RADIUS} \label{sec:appendix_c:protocol:RADIUS} \begin{longtable}{p{0.29\textwidth}|p{0.65\textwidth}} @@ -449,8 +505,9 @@ it will display columns that the user has previously configured. The fields with Acct Interim Interva &l Indicates the number of seconds between each interim update in seconds \\\hline \end{longtable} -\pdfbookmark[2]{APP}{APP} +%\pdfbookmark[2]{APP}{APP} \subsection*{\hypertarget{link:APP}{APP}} +\addcontentsline{toc}{subsection}{APP} \label{sec:appendix_c:protocol:APP} \begin{longtable}{p{0.3\textwidth}|p{0.64\textwidth}} diff --git a/content/Appendix_Predefined_Applications.tex b/content/Appendix_Predefined_Applications.tex index a11795a..26d79a5 100644 --- a/content/Appendix_Predefined_Applications.tex +++ b/content/Appendix_Predefined_Applications.tex 
@@ -1,7 +1,8 @@ % !TEX root = ../TSG_Administrator's_Guide_Latest_EN.tex % -\pdfbookmark[0]{Appendix B Predefined Applications}{Appendix B Predefined Applications} +%\pdfbookmark[0]{Appendix B Predefined Applications}{Appendix B Predefined Applications} \chapter*{\hypertarget{link:Appendix B Predefined Applications}{Appendix B Predefined Applications}} +\addcontentsline{toc}{chapter}{Appendix B Predefined Applications} \label{sec:appendix_b} \begin{longtable}{p{0.12\textwidth}|p{0.03\textwidth}|p{0.16\textwidth}|p{0.16\textwidth}|p{0.45\textwidth}} diff --git a/content/Appendix_Predefined_Reports.tex b/content/Appendix_Predefined_Reports.tex index fdff8b1..18b11d3 100644 --- a/content/Appendix_Predefined_Reports.tex +++ b/content/Appendix_Predefined_Reports.tex @@ -1,11 +1,13 @@ % !TEX root = ../TSG_Administrator's_Guide_Latest_EN.tex % -\pdfbookmark[0]{Appendix D Predefined Reports}{Appendix D Predefined Reports} +%\pdfbookmark[0]{Appendix D Predefined Reports}{Appendix D Predefined Reports} \chapter*{\hypertarget{link:Appendix D Predefined Reports}{Appendix D Predefined Reports}} +\addcontentsline{toc}{chapter}{Appendix D Predefined Reports} \label{sec:appendix_d} -\pdfbookmark[1]{Predefined Reports}{Predefined Reports} +%\pdfbookmark[1]{Predefined Reports}{Predefined Reports} \section*{\hypertarget{link:Predefined Reports}{Predefined Reports}} +\addcontentsline{toc}{section}{Predefined Reports} \label{sec:appendix_d:report} \begin{longtable}{p{0.12\textwidth}|p{0.16\textwidth}|p{0.66\textwidth}} @@ -157,8 +159,9 @@ \end{longtable} -\pdfbookmark[1]{Predefined Chart Libraries}{Predefined Chart Libraries} +%\pdfbookmark[1]{Predefined Chart Libraries}{Predefined Chart Libraries} \section*{\hypertarget{link:Predefined Chart Libraries}{Predefined Chart Libraries}} +\addcontentsline{toc}{section}{Predefined Chart Libraries} \label{sec:appendix_d:chart} \begin{longtable}{p{0.82\textwidth}|p{0.12\textwidth}} 
@@ -196,8 +199,9 @@ Estimated TCP Sequence Gap Loss Estimated-TCP-Sequence-Gap-Loss & area \\\hline \end{longtable} -\pdfbookmark[1]{Predefined Datasets}{Predefined Datasets} +%\pdfbookmark[1]{Predefined Datasets}{Predefined Datasets} \section*{\hypertarget{link:Predefined Datasets}{Predefined Datasets}} +\addcontentsline{toc}{section}{Predefined Datasets} \label{sec:appendix_d:dataset} \begin{longtable}{p{0.74\textwidth}|p{0.2\textwidth}} diff --git a/content/Appendix_TSG_Packet_Flow.tex b/content/Appendix_TSG_Packet_Flow.tex index 7d3f030..dc79c36 100644 --- a/content/Appendix_TSG_Packet_Flow.tex +++ b/content/Appendix_TSG_Packet_Flow.tex @@ -1,11 +1,13 @@ % !TEX root = ../TSG_Administrator's_Guide_Latest_EN.tex % -\pdfbookmark[0]{Appendix E TSG Packet Flow}{Appendix E TSG Packet Flow} +%\pdfbookmark[0]{Appendix E TSG Packet Flow}{Appendix E TSG Packet Flow} \chapter*{\hypertarget{link:Appendix E TSG Packet Flow}{Appendix E TSG Packet Flow}} +\addcontentsline{toc}{chapter}{Appendix E TSG Packet Flow} \label{sec:appendix_e} -\pdfbookmark[1]{Overview}{Overview} +%\pdfbookmark[1]{Overview}{Overview} \section*{\hypertarget{link:Overview}{Overview}} +\addcontentsline{toc}{section}{Overview} \label{sec:appendix_e:overview} This document describes the packet handling sequence in TSG. TSG Firewall performs stateful checks, TSG proxy performs decryption. 
@@ -25,36 +27,42 @@ The Ingress stage, session stage and egress stage are the three stages of TSG tr %\caption{Figure} \end{figure} -\pdfbookmark[1]{Packet Handling Sequence}{Packet Handling Sequence} +%\pdfbookmark[1]{Packet Handling Sequence}{Packet Handling Sequence} \section*{\hypertarget{link:Packet Handling Sequence}{Packet Handling Sequence}} +\addcontentsline{toc}{section}{Packet Handling Sequence} \label{sec:appendix_e:sequence} -\pdfbookmark[2]{Ingress stage}{Ingress stage} -\subsection*{\hypertarget{link:Ingress stage}{Ingress stage}} +%\pdfbookmark[2]{Ingress Stage}{Ingress Stage} +\subsection*{\hypertarget{link:Ingress Stage}{Ingress Stage}} +\addcontentsline{toc}{subsection}{Ingress Stage} \label{sec:appendix_e:sequence:ingress} The ingress stage receives packets from the network interface, parses those packets, and then determines whether a given packet is subject to further inspection. If the packet is subject to further inspection, the system continues with a session lookup and the packet enters the session stage. Otherwise, the system forwards the packet to the egress stage. -\pdfbookmark[3]{Layer 2 Decode}{Layer 2 Decode} +%\pdfbookmark[3]{Layer 2 Decode}{Layer 2 Decode} \subsubsection*{\hypertarget{link:Layer 2 Decode}{Layer 2 Decode}} +\addcontentsline{toc}{subsubsection}{Layer 2 Decode} \label{sec:appendix_e:sequence:ingress:decode} Packet parsing starts with the Ethernet (Layer-2) header of the packet received from the wire. VLAN, MPLS, MAC\_IN\_MAC headers are parsed here. The ingress port, 802.1q tag, and destination MAC address are used as keys to lookup the ingress logical interface. 
-\pdfbookmark[3]{Tunnel Decapsulation}{Tunnel Decapsulation} +%\pdfbookmark[3]{Tunnel Decapsulation}{Tunnel Decapsulation} \subsubsection*{\hypertarget{link:Tunnel Decapsulation}{Tunnel Decapsulation}} +\addcontentsline{toc}{subsubsection}{Tunnel Decapsulation} \label{sec:appendix_e:sequence:ingress:decapsulation} If the packet has PPPOE, IPIP, GRE, PPTP, L2TP, Teredo, GTP encapsulations, they are decoded at this stage. -\pdfbookmark[3]{IP Defragmentation}{IP Defragmentation} +%\pdfbookmark[3]{IP Defragmentation}{IP Defragmentation} \subsubsection*{\hypertarget{link:IP Defragmentation}{IP Defragmentation}} +\addcontentsline{toc}{subsubsection}{IP Defragmentation} \label{sec:appendix_e:sequence:ingress:defragmentation} After the IP header is parsed (Layer-3), the TSG parses IP fragments, reassembles using the defragmentation process, and then feeds the packet back to the parser starting with the IP header. At this stage, a fragment may be discarded due to tear-drop attack (overlapping fragments), fragmentation errors, or if the TSG hits system limits on buffered fragments (hits the max packet threshold). -\pdfbookmark[2]{Session Setup}{Session Setup} +%\pdfbookmark[2]{Session Setup}{Session Setup} \subsection*{\hypertarget{link:Session Setup}{Session Setup}} +\addcontentsline{toc}{subsection}{Session Setup} \label{sec:appendix_e:sequence:setup} If the packet is subject to firewall inspection, it performs a flow lookup on the packet. In TSG ’s implementation, the firewall identifies the flow using a 5-tuple key: 
@@ -89,8 +97,9 @@ The firewall uses the IP address of the packet to query mapping tables. There is a chance that above information is not available at this point. In that case, policies with these conditions cannot be enforced. -\pdfbookmark[2]{Session Maintenance}{Session Maintenance} +%\pdfbookmark[2]{Session Maintenance}{Session Maintenance} \subsection*{\hypertarget{link:Session Maintenance}{Session Maintenance}} +\addcontentsline{toc}{subsection}{Session Maintenance} \label{sec:appendix_e:sequence:maintenance} A packet that matches an existing session will enter the session maintenance stages. This stage starts with Layer 2 to Layer 4 firewall processing: 
@@ -110,30 +119,35 @@ If an application uses TCP as the transport, the firewall processes it by the TC A packet matching an existing session is subject to further processing if packet has TCP/UDP data (payload). If the firewall does not detect the session application, it performs application identification. If the identification is non-conclusive, the content inspection module runs known protocol decoder checks and heuristics to help identify the application. The application identification result could change throughout the life of the session. Once a traffic attribute is parsed, it’s subject to security policy enforcement. -\pdfbookmark[2]{Firewall Process}{Firewall Process} +%\pdfbookmark[2]{Firewall Process}{Firewall Process} \subsection*{\hypertarget{link:Firewall Process}{Firewall Process}} +\addcontentsline{toc}{subsection}{Firewall Process} \label{sec:appendix_e:sequence:firewall} -\pdfbookmark[3]{Layer 7 Decode}{Layer 7 Decode} +%\pdfbookmark[3]{Layer 7 Decode}{Layer 7 Decode} \subsubsection*{\hypertarget{link:Layer 7 Decode}{Layer 7 Decode}} +\addcontentsline{toc}{subsubsection}{Layer 7 Decode} \label{sec:appendix_e:sequence:firewall:decode} The firewall decodes Layer 7 protocols such as HTTP, SSL/TLS and DNS, to get traffic attributes. -\pdfbookmark[3]{Application Identification}{Application Identification} +%\pdfbookmark[3]{Application Identification}{Application Identification} \subsubsection*{\hypertarget{link:Application Identification}{Application Identification}} +\addcontentsline{toc}{subsubsection}{Application Identification} \label{sec:appendix_e:sequence:firewall:identification} The firewall identifies application with built-in and customized signature. The firewall uses protocol decoding in the content inspection stage to determine if an application changes from one application to another. After the firewall identifies the session application, security policy will be enforced as configured. 
-\pdfbookmark[3]{Content Decode}{Content Decode} +%\pdfbookmark[3]{Content Decode}{Content Decode} \subsubsection*{\hypertarget{link:Content Decode}{Content Decode}} +\addcontentsline{toc}{subsubsection}{Content Decode} \label{sec:appendix_e:sequence:firewall:contentdecode} The firewall decodes the flow and parses attributes and content, then scan them for keywords, e.g., email attachments that are text-based. If it results in keywords detection, then the corresponding security policy action is taken. Application identification is still on at this stage, as the more traffic attributes are parsed, application identification result may be changed. -\pdfbookmark[3]{Security Policy Lookup}{Security Policy Lookup} +%\pdfbookmark[3]{Security Policy Lookup}{Security Policy Lookup} \subsubsection*{\hypertarget{link:Security Policy Lookup}{Security Policy Lookup}} +\addcontentsline{toc}{subsubsection}{Security Policy Lookup} \label{sec:appendix_e:sequence:firewall:lookup} The firewall uses application ANY, IP, port, Geographic and Subscriber ID to perform the lookup and check for a rule match. In case of a rule match, if the policy action is set to ‘deny’, the firewall drops the packet. 
@@ -144,12 +158,14 @@ If security policy action is set to intercept and the application is SSL or HTTP After more packet transferred, identified application as well as FQDN, URL and applicable protocol fields in the session are used as key to find rule match. If the session matches a security rule, and the rule has logging enabled, the firewall generates a security event log at the session end. -\pdfbookmark[2]{Proxy Process}{Proxy Process} +%\pdfbookmark[2]{Proxy Process}{Proxy Process} \subsection*{\hypertarget{link:Proxy Process}{Proxy Process}} +\addcontentsline{toc}{subsection}{Proxy Process} \label{sec:appendix_e:sequence:proxy} -\pdfbookmark[3]{Duplicate Packet Processing}{Duplicate Packet Processing} +%\pdfbookmark[3]{Duplicate Packet Processing}{Duplicate Packet Processing} \subsubsection*{\hypertarget{link:Duplicate Packet Processing}{Duplicate Packet Processing}} +\addcontentsline{toc}{subsubsection}{Duplicate Packet Processing} \label{sec:appendix_e:sequence:proxy:duplicate} Packet usually travels a route one time only, otherwise it’s a waste of bandwidth. But network of real world is complicated: tunnels, policy ACLs and human mistakes all induce packet travels a link more than one time. 
@@ -166,32 +182,37 @@ The proxy fixes this problem by following two mechanisms: • Duplicate flow detection: Since not all traffic flows have duplicate packets, do duplicate identification on each packet is a waste of CPU and memory, moreover, it induces performance overhead. Hence, only the TCP flows with duplicate SYN or SYN/ACK packet will conduct duplicate packet identification. -\pdfbookmark[3]{TCP Stack}{TCP Stack} +%\pdfbookmark[3]{TCP Stack}{TCP Stack} \subsubsection*{\hypertarget{link:TCP Stack}{TCP Stack}} +\addcontentsline{toc}{subsubsection}{TCP Stack} \label{sec:appendix_e:sequence:proxy:TCP} Opening a TCP connection involves a three-way handshake involving packets: the client contacts the server, the server acknowledges the client, and the client acknowledges the server. The proxy’s TCP stack attempts to connect server-side immediately after receiving the client's initial connection request, but waits to return the server acknowledgement until determining whether or not the server-side connection succeeds. This provides greater transparency, as the client receives either an RST or no response, which mirrors what is sent from a server when connections fail. -\pdfbookmark[3]{Build SSL Session}{Build SSL Session} +%\pdfbookmark[3]{Build SSL Session}{Build SSL Session} \subsubsection*{\hypertarget{link:Build SSL Session}{Build SSL Session}} +\addcontentsline{toc}{subsubsection}{Build SSL Session} \label{sec:appendix_e:sequence:proxy:build} The proxy first builds server-side SSL session, if the server certificate verification is failed, the proxy will sign certificate with untrusted root. That’s because the proxy wants the untrust certificate to warn users that they are trying to access potentially unsafe sites. 
-\pdfbookmark[3]{Proxy Policy Lookup}{Proxy Policy Lookup} +%\pdfbookmark[3]{Proxy Policy Lookup}{Proxy Policy Lookup} \subsubsection*{\hypertarget{link:Proxy Policy Lookup}{Proxy Policy Lookup}} +\addcontentsline{toc}{subsubsection}{Proxy Policy Lookup} \label{sec:appendix_e:sequence:proxy:lookup} After decode Layer 7 protocols, traffic attributes like HTTP URL, headers are subject to proxy policy lookup, then according action is taken. -\pdfbookmark[3]{Re-encryption}{Re-encryption} +%\pdfbookmark[3]{Re-encryption}{Re-encryption} \subsubsection*{\hypertarget{link:Re-encryption}{Re-encryption}} +\addcontentsline{toc}{subsubsection}{Re-encryption} \label{sec:appendix_e:sequence:proxy:re-encryption} The content is compressed and encrypted, and send to egress stage -\pdfbookmark[2]{Egress Stage}{Egress Stage} +%\pdfbookmark[2]{Egress Stage}{Egress Stage} \subsection*{\hypertarget{link:Egress Stage}{Egress Stage}} +\addcontentsline{toc}{subsection}{Egress Stage} \label{sec:appendix_e:sequence:egress} The system identifies encapsulation information for the packet, including MAC addresses, VLAN ID and tunnel headers. And find the egress interface. diff --git a/content/Decryption.tex b/content/Decryption.tex index 93fa345..6f47912 100644 --- a/content/Decryption.tex +++ b/content/Decryption.tex @@ -1,7 +1,8 @@ % !TEX root = ../TSG_Administrator's_Guide_Latest_EN.tex % -\pdfbookmark[0]{Decryption}{Decryption} +%\pdfbookmark[0]{Decryption}{Decryption} \chapter*{\hypertarget{link:Decryption}{Decryption}} +\addcontentsline{toc}{chapter}{Decryption} \label{sec:decrypt} Except firewall, TSG has a proxy which utilizes MITM (Man-in-the-middle) technologies and enables you to perform layer 4-7 advanced manipulation of network traffic. 
@@ -20,8 +21,9 @@ Enabling decryption need preparing the keys and certificates required, creating } \clearpage -\pdfbookmark[1]{Decryption Concepts}{Decryption Concepts} +%\pdfbookmark[1]{Decryption Concepts}{Decryption Concepts} \section*{\hypertarget{link:Decryption Concepts}{Decryption Concepts}} +\addcontentsline{toc}{section}{Decryption Concepts} \label{sec:decrypt:concept} The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption protocols secure traffic between two entities, such as a web server and a client. Without special instructions, SSL in this document refers to SSL/TLS. SSL encapsulate traffic, encrypting data so that it is meaningless to entities other than the client and server with the certificates to affirm trust between the devices and the keys to decode the data. @@ -36,8 +38,9 @@ SSL decryption requires certificates to establish the proxy as a trusted third p You can integrate a hardware security module (HSM) with TSG to enable enhanced security for the private keys. To learn more about integrating an HSM, see \hyperlink{link:Manage Keys with a Hardware Security Module}{\color{linkblue}{Manage Keys with a Hardware Security Module}}. -\pdfbookmark[1]{Keys and Certificates}{Keys and Certificates} +%\pdfbookmark[1]{Keys and Certificates}{Keys and Certificates} \section*{\hypertarget{link:Keys and Certificates}{Keys and Certificates}} +\addcontentsline{toc}{section}{Keys and Certificates} \label{sec:decrypt:keys} Keys are strings of numbers typically generated using a mathematical operation involving random numbers and large primes. Keys transform strings—such as passwords and shared secrets—from unencrypted plaintext to encrypted ciphertext and from encrypted ciphertext to unencrypted plaintext. Keys can be symmetric (the same key is used to encrypt and decrypt) or asymmetric (one key is used for encryption and a mathematically related key is used for decryption). Any system can generate a key. 
@@ -56,14 +59,16 @@ TSG allows you to delete installed certificates, including default certificate, but if the certificate is already referenced by a policy, TSG does not allow deleting it. You can modify the referenced certificate instead. For detailed information on certificates, see \hyperlink{link:Certificate Management}{\color{linkblue}{Certificate Management}}. -\pdfbookmark[1]{Certificate Managements}{Certificate Managements} +%\pdfbookmark[1]{Certificate Managements}{Certificate Managements} \section*{\hypertarget{link:Certificate Managements}{Certificate Managements}} +\addcontentsline{toc}{section}{Certificate Managements} \label{sec:decrypt:certificate} The digital certificates are used to ensure trust between parties in a secure communication session. Each certificate contains a cryptographic key to encrypt plaintext or decrypt ciphertext. Each certificate also includes a digital signature to authenticate the identity of the issuer. The issuer must be in the list of trusted certificate authorities (CAs) of the authenticating party. -\pdfbookmark[2]{Trusted Certificate Authorities}{Trusted Certificate Authorities} +%\pdfbookmark[2]{Trusted Certificate Authorities}{Trusted Certificate Authorities} \subsection*{\hypertarget{link:Trusted Certificate Authorities}{Trusted Certificate Authorities}} +\addcontentsline{toc}{subsection}{Trusted Certificate Authorities} \label{sec:decrypt:certificate:trusted} TSG trusts the most common and trusted authorities (CAs) by default. These trusted certificate providers are responsible for issuing the certificates TSG requires to secure connections to the internet. The additional CAs you might want to add are trusted enterprise CAs that your organization requires. You can perform the following to import a certificate: 
@@ -82,8 +87,9 @@ If the CA certificate expires, the system will automatically set the status of t To download it, you can click the cloud icon under \textbf{File}, and wait a few seconds for the file to be downloaded to your local folder. You can search CAs based on ID, Name, Issuer, Common Name and Certificate Fingerprint, or the combination. Enter search conditions in search bar and click search icon. -\pdfbookmark[2]{Decryption Keyrings}{Decryption Keyrings} +%\pdfbookmark[2]{Decryption Keyrings}{Decryption Keyrings} \subsection*{\hypertarget{link:Decryption Keyrings}{Decryption Keyrings}} +\addcontentsline{toc}{subsection}{Decryption Keyrings} \label{sec:decrypt:certificate:keyring} If your enterprise has its own public key infrastructure (PKI), you can import a certificate and private key into TSG from your enterprise certificate authority (CA). Enterprise CA certificates (unlike most certificates purchased from a trusted, third-party CA) can automatically issue CA certificates for applications such as SSL/TLS decryption. 
@@ -115,8 +121,9 @@ To edit and delete Keyrings, find the item you want to edit or delete in the lis To download it, you can click the cloud icon under \textbf{Private Key} and \textbf{Certificate}, and wait a few seconds for the file to be downloaded to your local folder. You can search Keyrings based on ID and Name. Enter search conditions in search bar and click search icon. -\pdfbookmark[3]{Manage Keys with a Hardware Security Module}{Manage Keys with a Hardware Security Module} +%\pdfbookmark[3]{Manage Keys with a Hardware Security Module}{Manage Keys with a Hardware Security Module} \subsubsection*{\hypertarget{link:Manage Keys with a Hardware Security Module}{Manage Keys with a Hardware Security Module}} +\addcontentsline{toc}{subsubsection}{Manage Keys with a Hardware Security Module} \label{sec:decrypt:certificate:keyring:hsm} A hardware security module (HSM) is a physical device that manages digital keys. An HSM provides secure storage and generation of digital keys. It provides both logical and physical protection of these materials from non-authorized use and potential adversaries. HSM clients integrated with TSG enable enhanced security for the private keys used in SSL/TLS decryption. @@ -137,8 +144,9 @@ You can integrate an HSM device by the following procedure. \item[STEP 7.] Click \textbf{OK}. \end{description} -\pdfbookmark[2]{SSL Decryption Exclusion}{SSL Decryption Exclusion} +%\pdfbookmark[2]{SSL Decryption Exclusion}{SSL Decryption Exclusion} \subsection*{\hypertarget{link:SSL Decryption Exclusion}{SSL Decryption Exclusion}} +\addcontentsline{toc}{subsection}{SSL Decryption Exclusion} \label{sec:decrypt:certificate:exclusion} SSL Decryption Exclusion can exclude two types of traffic from decryption: 
@@ -169,8 +177,9 @@ Go back to SSL Decryption Exclusion tab, you can view detailed information about To edit and delete, find the item you want to edit or delete in the list. Click \textbf{Edit} or \textbf{Delete} at the top left. You can search exclusion list based on ID and Name. Enter search conditions in search bar and click search icon. -\pdfbookmark[2]{Cached Intermediate Certificates}{Cached Intermediate Certificates} +%\pdfbookmark[2]{Cached Intermediate Certificates}{Cached Intermediate Certificates} \subsection*{\hypertarget{link:Cached Intermediate Certificates}{Cached Intermediate Certificates}} +\addcontentsline{toc}{subsection}{Cached Intermediate Certificates} \label{sec:decrypt:certificate:cached} TSG will automatically cache intermediate certificates. You can select \textbf{Settings} > \textbf{Certificate Managements} @@ -186,8 +195,9 @@ If the intermediate certificate expires, the system will automatically set the s You can search intermediate certificates based on ID, Source Website, Issuer, Common Name and Certificate Fingerprint, or the combination. Enter search conditions in search bar and click search icon. -\pdfbookmark[2]{SSL Fingerprint}{SSL Fingerprint} +%\pdfbookmark[2]{SSL Fingerprint}{SSL Fingerprint} \subsection*{\hypertarget{link:SSL Fingerprint}{SSL Fingerprint}} +\addcontentsline{toc}{subsection}{SSL Fingerprint} \label{sec:decrypt:certificate:fingerprint} With the improvement of people's security awareness, more and more apps support Pinning. And JA3 fingerprinting is no longer a luxury and is a hard requirement. You can use shared JA3 hash across the network to help accurately identify Pinning applications and then configure the app to Dynamic Bypass or not accordingly in TSG. It can mean the difference between a rapid response and a missed detection. 
@@ -233,15 +243,17 @@ where the origin server selects suitable content or operating parameters for the The concept of content tailoring is built into the HTTP standard in RFC1945 “for the sake of tailoring responses to avoid particular user agent limitations.” The information in the User-Agent string contributes to the information that the client sends to the server, since the string can vary considerably from user to user. -\pdfbookmark[1]{Proxy Profiles}{Proxy Profiles} +%\pdfbookmark[1]{Proxy Profiles}{Proxy Profiles} \section*{\hypertarget{link:Proxy Profiles}{Proxy Profiles}} +\addcontentsline{toc}{section}{Proxy Profiles} \label{sec:decrypt:profile} A policy rule combines with several conditions and one action. The action determines how to control the traffic, and action parameters are managed in policy profiles. While policy objects enable you to identify traffic to enforce policies, policy profiles help you define further action. -\pdfbookmark[2]{Response Pages}{Response Pages} +%\pdfbookmark[2]{Response Pages}{Response Pages} \subsection*{\hypertarget{link:Response Pages}{Response Pages}} +\addcontentsline{toc}{subsection}{Response Pages} \label{sec:decrypt:profile:response} When the Proxy Policy or Security Policy terminates matched HTTP session with a response page in Deny action, 
@@ -259,8 +271,9 @@ To edit and delete, find the item you want to edit or delete in the list. Click To download it, you can click the cloud icon under \textbf{File}, and wait a few seconds for the file to be downloaded to your local folder. You can search page list based on ID and Name. Enter search conditions in search bar and click search icon. -\pdfbookmark[2]{Insert Scripts}{Insert Scripts} +%\pdfbookmark[2]{Insert Scripts}{Insert Scripts} \subsection*{\hypertarget{link:Insert Scripts}{Insert Scripts}} +\addcontentsline{toc}{subsection}{Insert Scripts} \label{sec:decrypt:profile:insert} The Proxy Policy can insert a “js” or “css” scripts to webpages. You can upload a script via \textbf{Proxy Profile} > \textbf{Insert Scripts}. @@ -278,8 +291,9 @@ Click \textbf{Edit} or \textbf{Delete} at the top left. To download it, you can and wait a few seconds for the file to be downloaded to your local folder. You can search scripts list based on ID and Name. Enter search conditions in search bar and click search icon. -\pdfbookmark[2]{Hijack Files}{Hijack Files} +%\pdfbookmark[2]{Hijack Files}{Hijack Files} \subsection*{\hypertarget{link:Hijack Files}{Hijack Files}} +\addcontentsline{toc}{subsection}{Hijack Files} \label{sec:decrypt:profile:hijack} The Proxy Policy can hijack a downloading file or page. You can upload a file, img or html for hijack via \textbf{Proxy Profile} > \textbf{Hijack Files}. 
@@ -299,8 +313,9 @@ Go back to Hijack Files tab, you can view detailed information about the file yo Click \textbf{Edit} or \textbf{Delete} at the top left. To download it, you can click the cloud icon under File, and wait a few seconds for the file to be downloaded to your local folder. You can search file list based on ID and Name. Enter search conditions in search bar and click search icon. -\pdfbookmark[2]{Traffic Mirror Profiles}{Traffic Mirror Profiles} +%\pdfbookmark[2]{Traffic Mirror Profiles}{Traffic Mirror Profiles} \subsection*{\hypertarget{link:Traffic Mirror Profiles}{Traffic Mirror Profiles}} +\addcontentsline{toc}{subsection}{Traffic Mirror Profiles} \label{sec:decrypt:profile:mirror} You also can mirror proxied traffic (decrypted) to third-party servers by referring a traffic mirror profile. The destination servers are described with VLAN Tag or MAC addresses, traffic will be load balanced over multiple servers of one profile. 
@@ -318,14 +333,16 @@ Go back to Traffic Mirror Profiles tab, you can view detailed information about To edit and delete, find the item you want to edit or delete in the list. Click \textbf{Edit} or \textbf{Delete} at the top left. You can search profile list based on ID and Name. Enter search conditions in search bar and click search icon. -\pdfbookmark[2]{Decryption Profile}{Decryption Profile} +%\pdfbookmark[2]{Decryption Profile}{Decryption Profile} \subsection*{\hypertarget{link:Decryption Profile}{Decryption Profile}} +\addcontentsline{toc}{subsection}{Decryption Profile} \label{sec:decrypt:profile:decryptionprofile} A Decryption Profile includes three parts: Certificate Checks, Dynamic bypass and Protocol Version. -\pdfbookmark[3]{Certificate Checks}{Certificate Checks} +%\pdfbookmark[3]{Certificate Checks}{Certificate Checks} \subsubsection*{\hypertarget{link:Certificate Checks}{Certificate Checks}} +\addcontentsline{toc}{subsubsection}{Certificate Checks} \label{sec:decrypt:profile:decryptionprofile:check} Server certificate verification options allow you to customize certificate check approaches. 
@@ -350,8 +367,9 @@ Server certificate verification options allow you to customize certificate check \item \textbf{Pass-through}: For expired, untrusted issuer or self-signed certificate, TSG send a certificate that signed by the default untrusted keyring to client-side. Thus, the client-side browser raises an untrusted issuer warning. For mismatched common names, TSG send a certificate that signed by policy defined keyring, client-side browser raises a common name invalid warning. \end{itemize} -\pdfbookmark[3]{Dynamic Bypass}{Dynamic Bypass} +%\pdfbookmark[3]{Dynamic Bypass}{Dynamic Bypass} \subsubsection*{\hypertarget{link:Dynamic Bypass}{Dynamic Bypass}} +\addcontentsline{toc}{subsubsection}{Dynamic Bypass} \label{sec:decrypt:profile:decryptionprofile:bypass} Dynamic bypass options allow you to customize intercept exceptions on policy basis. If an SSL session matches an intercept policy, and has one of following enabled properties, further communication will be exempt from intercept. That is to say, with dynamic bypass enabled, client-side can visit normally. @@ -379,8 +397,9 @@ For more details, see \textbf{\hyperlink{link:Dynamic Bypass when Certificate Pi \textbf{Certificate Not Installed}: Trusted Root Certificate is Not Installed on Client. For more details, see \textbf{\hyperlink{link:Dynamic Bypass when Certificate is Not Installed}{\color{linkblue}{Dynamic Bypass when Certificate is Not Installed}}}. -\pdfbookmark[4]{Dynamic Bypass when Certificate Pinning}{Dynamic Bypass when Certificate Pinning} +%\pdfbookmark[4]{Dynamic Bypass when Certificate Pinning}{Dynamic Bypass when Certificate Pinning} \hypertarget{link:Dynamic Bypass when Certificate Pinning}{\paragraph{Dynamic Bypass when Certificate Pinning}} +\addcontentsline{toc}{paragraph}{Dynamic Bypass when Certificate Pinning} \label{sec:decrypt:profile:decryptionprofile:bypass:pinning} %\newline 
@@ -415,8 +434,9 @@ If the SSL connection establishment fails as above for 4 or more times in 5 minu Different applications often have different handshake fingerprints, and therefore the proxy will only bypass those use certificate pinning. -\pdfbookmark[4]{Dynamic Bypass when Certificate is Not Installed}{Dynamic Bypass when Certificate is Not Installed} +%\pdfbookmark[4]{Dynamic Bypass when Certificate is Not Installed}{Dynamic Bypass when Certificate is Not Installed} \hypertarget{link:Dynamic Bypass when Certificate is Not Installed}{\paragraph{Dynamic Bypass when Certificate is Not Installed}} +\addcontentsline{toc}{paragraph}{Dynamic Bypass when Certificate is Not Installed} \label{sec:decrypt:profile:decryptionprofile:bypass:notinstalled} %\newline @@ -440,8 +460,9 @@ Let’s dig into the technical details by a use case. There are two clients, cli At the beginning, both Client A and B’s SSL connections are failed for their own reasons. And then, the proxy identifies client B’s SSL connection as MITMable by finding Chrome’s SSL fingerprints status is Not Pinning in the SSL fingerprint profile. Finally, Client A is bypassed, and client B is not. -\pdfbookmark[3]{Protocol Version}{Protocol Version} +%\pdfbookmark[3]{Protocol Version}{Protocol Version} \subsubsection*{\hypertarget{link:Protocol Version}{Protocol Version}} +\addcontentsline{toc}{subsubsection}{Protocol Version} \label{sec:decrypt:profile:decryptionprofile:version} Protocol Versions allows you to configure SSL/TLS versions. By default, Proxy mirrors the client versions. Note that some website disable SSLv3 supports for security concerns, set both minimum and maximum version to SSLv3 will interrupt communications. 
@@ -449,8 +470,9 @@ Protocol Versions allows you to configure SSL/TLS versions. By default, Proxy mi HTTP/2 is a major revision of the HTTP network protocol that provide increased speed. If Allow HTTP/2 is enabled, user will have better experience, but requires third-party systems to be able to process decrypted HTTP/2 traffic. -\pdfbookmark[3]{Create a Decryption Profile}{Create a Decryption Profile} +%\pdfbookmark[3]{Create a Decryption Profile}{Create a Decryption Profile} \subsubsection*{\hypertarget{link:Create a Decryption Profile}{Create a Decryption Profile}} +\addcontentsline{toc}{subsubsection}{Create a Decryption Profile} \label{sec:decrypt:profile:decryptionprofile:create} Perform the following to create a decryption profile: diff --git a/content/Getting_Started.tex b/content/Getting_Started.tex index e1006d6..11c7161 100644 --- a/content/Getting_Started.tex +++ b/content/Getting_Started.tex @@ -1,12 +1,11 @@ % !TEX root = ../TSG_Administrator's_Guide_Latest_EN.tex % -\pdfbookmark[0]{Getting Started}{Getting Started} +%\pdfbookmark[0]{Getting Started}{Getting Started} \chapter*{\hypertarget{link:Getting Started}{Getting Started}} +\addcontentsline{toc}{chapter}{Getting Started} \label{sec:intro} -%\chapter{Preface} -%\addcontentsline{toc}{chapter}{Preface......} %\section{test} %\addcontentsline{toc}{section}{test......} 
@@ -27,12 +26,14 @@ Administrators can configure, manage, and monitor Tiangou Secure Gateway using t } \clearpage -\pdfbookmark[1]{System Overview}{System Overview} +%\pdfbookmark[1]{System Overview}{System Overview} \section*{\hypertarget{link:system overview}{System Overview}} +\addcontentsline{toc}{section}{System Overview} \label{sec:intro:overview} -\pdfbookmark[2]{Purpose}{Purpose} +%pdfbookmark[2]{Purpose}{Purpose} \subsection*{\hypertarget{link:Purpose}{Purpose}} +\addcontentsline{toc}{subsection}{Purpose} \label{sec:intro:overview:purpose} The Tiangou Secure Gateway (TSG) can be used for any purpose where keeping track of the traffic flowing in a network is useful. @@ -45,8 +46,9 @@ The following are examples of such purposes:\\ • Network performance optimization.\\ • Network visualization -\pdfbookmark[2]{System Introduction}{System Introduction} +%\pdfbookmark[2]{System Introduction}{System Introduction} \subsection*{\hypertarget{link:System Introduction}{System Introduction}} +\addcontentsline{toc}{subsection}{System Introduction} \label{sec:intro:overview:introduction} Tiangou Secure Gateway (TSG) is a scalable traffic management product for all types of network environments. 
@@ -61,21 +63,23 @@ The Proxy is deployed in transparent mode; thus, no proxy settings on browser si
 TSG enables service providers and organizations to gain insight into their network and control traffic in high-performance environments,
-such as large data centers and high-bandwidth network perimeters. TSG allows content visibility of HTTP, DNS, MAIL, FTP and SSL.
+such as large data centers and high-bandwidth network perimeters. TSG allows content visibility of HTTP, DNS, MAIL, FTP, SSL and SIP.
 TSG identifies and controls applications as well as evasive tools blocking. The TSG is able to modify HTTP sessions, as well as override redirect request, modify headers, inject scripts, replace texts and respond with an uploaded file. The TSG has an SSL Proxy allows all decrypted traffic to be mirrored to a third-party system for additional analysis.
-\pdfbookmark[2]{Who is this Guide for?}{Who is this Guide for?}
+%\pdfbookmark[2]{Who is this Guide for?}{Who is this Guide for?}
 \subsection*{\hypertarget{link:Who is this Guide for}{Who is this Guide for?}}
+\addcontentsline{toc}{subsection}{Who is this Guide for?}
 \label{sec:intro:overview:for}
 This manual is for TSG operators, system administrators and implementation personnel.
-\pdfbookmark[1]{Logging into the System}{Logging into the System}
+%\pdfbookmark[1]{Logging into the System}{Logging into the System}
 \section*{\hypertarget{link:Logging into the System}{Logging into the System}}
+\addcontentsline{toc}{section}{Logging into the System}
 \label{sec:intro:logging}
 You can use the Web Interface to perform configuration and monitoring tasks with relative ease.
@@ -98,12 +102,14 @@ However, the best practice is to install the latest version.
 You can connect to an LDAP server when you set the Authentication Mode to LDAP.}
-\pdfbookmark[2]{Logging into the Web Interface}{Logging into the Web Interface}
+%\pdfbookmark[2]{Logging into the Web Interface}{Logging into the Web Interface}
 \subsection*{\hypertarget{link:Logging into the Web Interface}{Logging into the Web Interface}}
+\addcontentsline{toc}{subsection}{Logging into the Web Interface}
 \label{sec:intro:logging:for}
-\pdfbookmark[2]{Changing Your Password}{Changing Your Password}
+%\pdfbookmark[2]{Changing Your Password}{Changing Your Password}
 \subsection*{\hypertarget{link:Changing Your Password}{Changing Your Password}}
+\addcontentsline{toc}{subsection}{Changing Your Password}
 \label{sec:intro:logging:password}
 You should periodically change your password. The following procedure explains how to change the password while logged into TSG.
@@ -116,8 +122,9 @@ You should periodically change your password. The following procedure explains h
 \item[STEP 4.]Click \textbf{OK}.\\
 \end{description}
-\pdfbookmark[2]{Login Restrictions}{Login Restrictions}
+%\pdfbookmark[2]{Login Restrictions}{Login Restrictions}
 \subsection*{\hypertarget{link:Login Restrictions}{Login Restrictions}}
+\addcontentsline{toc}{subsection}{Login Restrictions}
 \label{sec:intro:logging:restrictions}
 TSG restricts administrator logins to improve system security. An IP address will be Lockout after maximum login attempts.
@@ -134,8 +141,9 @@ And you can specify limited IP addresses to be able to login the system. Configu
 \item[STEP 6.]Click \textbf{OK}.
 \end{description}
-\pdfbookmark[1]{Set Up a Basic Security Policy}{Set Up a Basic Security Policy}
+%\pdfbookmark[1]{Set Up a Basic Security Policy}{Set Up a Basic Security Policy}
 \section*{\hypertarget{link:Set Up a Basic Security Policy}{Set Up a Basic Security Policy}}
+\addcontentsline{toc}{section}{Set Up a Basic Security Policy}
 \label{sec:intro:security}
 Use the following workflow set up a very basic Security policy. This gives you a brief idea of policies so that you can verify that you have successfully configured TSG.
@@ -179,8 +187,9 @@ Use the following workflow set up a very basic Security policy. This gives you a
 A prompt window will appear to remind you that changes you made are not saved.}
-\pdfbookmark[1]{Set Up a Basic Proxy Policy}{Set Up a Basic Proxy Policy}
+%\pdfbookmark[1]{Set Up a Basic Proxy Policy}{Set Up a Basic Proxy Policy}
 \section*{\hypertarget{link:Set Up a Basic Proxy Policy}{Set Up a Basic Proxy Policy}}
+\addcontentsline{toc}{section}{Set Up a Basic Proxy Policy}
 \label{sec:intro:proxy}
 Security Policies with Intercept actions intercept HTTP/HTTPS traffic for proxy, which is a prerequisite for proxy policy.
@@ -221,8 +230,9 @@ You can perform the following to set up a basic proxy policy. \\
 \item[STEP 3.] Go to \textbf{Logs} > \textbf{Proxy Event Logs} and view \textbf{Logs} to monitor the policy rule status, verify if the proxy rule has been hit and determine the effectiveness of the policy rule.
 \end{description}
-\pdfbookmark[1]{Command Line Interface}{Command Line Interface}
+%\pdfbookmark[1]{Command Line Interface}{Command Line Interface}
 \section*{\hypertarget{link:Command Line Interface}{Command Line Interface}}
+\addcontentsline{toc}{section}{Command Line Interface}
 \label{sec:intro:command}
 You can use the TSG Command Line Interface (CLI) to perform a series of tasks by entering commands in rapid succession over SSH.
@@ -234,8 +244,9 @@ The other CLI commands only work on local device. When you become familiar with
 For more details, please view \textcolor{darkblue}{\textbf{\underline{TSG CLI User Guide}}}.
-\pdfbookmark[1]{TSG Integration API}{TSG Integration API}
+%\pdfbookmark[1]{TSG Integration API}{TSG Integration API}
 \section*{\hypertarget{link:TSG Integration API}{TSG Integration API}}
+\addcontentsline{toc}{section}{TSG Integration API}
 \label{sec:intro:api}
 TSG Integration API is a web service implemented using HTTP requests and responses following architecture style REST the RESTful API.
@@ -245,12 +256,14 @@ You can use this RESTful API to streamline your operations and integrate with ex
 For more details, please refer to \textcolor{darkblue}{\textbf{\underline{TSG Integration API Specification}}}.
-\pdfbookmark[1]{TSG Administration}{TSG Administration}
+%\pdfbookmark[1]{TSG Administration}{TSG Administration}
 \section*{\hypertarget{link:TSG Administration}{TSG Administration}}
+\addcontentsline{toc}{section}{TSG Administration}
 \label{sec:intro:admin}
-\pdfbookmark[2]{Configure TSG Users}{Configure TSG Users}
+%\pdfbookmark[2]{Configure TSG Users}{Configure TSG Users}
 \subsection*{\hypertarget{link:Configure TSG Users}{Configure TSG Users}}
+\addcontentsline{toc}{subsection}{Configure TSG Users}
 \label{sec:intro:admin:users}
 The following table list three authentication mode for TSG:\\
@@ -297,8 +310,9 @@ and the detail pages of Policies and Objects are locked.
 • Read Only—Read-only access to the selected feature.\\
 • Disable—No access to the selected feature.\\
-\pdfbookmark[3]{Users and Roles}{Users and Roles}
+%\pdfbookmark[3]{Users and Roles}{Users and Roles}
 \subsubsection*{\hypertarget{link:Users and Roles}{Users and Roles}}
+\addcontentsline{toc}{subsubsection}{Users and Roles}
 \label{sec:intro:admin:users:role}
 Perform the following steps to add a LOCAL administrative account on TSG.\\
@@ -331,8 +345,9 @@ See \hyperlink{link:Roles and Permissions}{\textcolor{linkblue}{Roles and Permis
 \notemark\textit{And TSG supports 100 concurrent users at present.}
-\pdfbookmark[3]{Roles and Permissions}{Roles and Permissions}
+%\pdfbookmark[3]{Roles and Permissions}{Roles and Permissions}
 \subsubsection*{\hypertarget{link:Roles and Permissions}{Roles and Permissions}}
+\addcontentsline{toc}{subsubsection}{Roles and Permissions}
 \label{sec:intro:admin:users:permission}
 There are two predefined roles in TSG, including:\\
@@ -360,8 +375,9 @@ Perform the following to create a new role:
 Make sure Devices are enabled before you enable Dashboard, because Devices affects the reading of data for device module in Dashboard.}
-\pdfbookmark[2]{Enroll LDAP Servers}{Enroll LDAP Servers}
+%\pdfbookmark[2]{Enroll LDAP Servers}{Enroll LDAP Servers}
 \subsection*{\hypertarget{link:Enroll LDAP Servers}{Enroll LDAP Servers}}
+\addcontentsline{toc}{subsection}{Enroll LDAP Servers}
 \label{sec:intro:admin:ldap}
 Configuring TSG to connect to a LDAP server enables you to login in LDAP Authentication Mode with LDAP account. Perform the following steps to add a LDAP server on TSG.
@@ -390,8 +406,9 @@ In \textbf{Administration} > \textbf{LDAP Server} page, you can view the LDAP Se
 Select the item you wish to change in the list and click \textbf{Edit} to modify LDAP server information. You can delete or disable the LDAP server and after that you will not be able to log into the system with the LDAP account.
-\pdfbookmark[2]{Audit Log}{Audit Log}
+%\pdfbookmark[2]{Audit Log}{Audit Log}
 \subsection*{\hypertarget{link:Audit Log}{Audit Log}}
+\addcontentsline{toc}{subsection}{Audit Log}
 \label{sec:intro:admin:audit}
 If you perform an operation which influence the running of TSG, TSG will generate a log about this action.
@@ -399,8 +416,9 @@ For example, Audit Log will record the operations of adding or deleting or updat
 You can view \textbf{Administration} > \textbf{Audit Log} to see details. You can query audit logs within certain time range by ID, Source IP or Target Type. Audit logs can be exported as trace evidence. And when you are editing a policy or an object, you will find a link to audit log about this policy or object.
-\pdfbookmark[2]{Mail Server}{Mail Server}
+%\pdfbookmark[2]{Mail Server}{Mail Server}
 \subsection*{\hypertarget{link:Mail Server}{Mail Server}}
+\addcontentsline{toc}{subsection}{Mail Server}
 \label{sec:intro:admin:mail}
 Configure Mail Server to send mail alerts, which is currently used to send reports. Perform the following to create a Mail server profile:
diff --git a/content/Monitoring.tex b/content/Monitoring.tex
index 92e7413..8b456ab 100644
--- a/content/Monitoring.tex
+++ b/content/Monitoring.tex
@@ -1,7 +1,8 @@
 % !TEX root = ../TSG_Administrator's_Guide_Latest_EN.tex
 %
-\pdfbookmark[0]{Monitoring}{Monitoring}
+%\pdfbookmark[0]{Monitoring}{Monitoring}
 \chapter*{\hypertarget{link:Monitoring}{Monitoring}}
+\addcontentsline{toc}{chapter}{Monitoring}
 \label{sec:monitor}
 To forestall potential issues and to accelerate incidence response when needed, TSG provides intelligence about traffic and user patterns using customizable and informative reports.
@@ -19,8 +20,9 @@ to find the information you care about.
 }
 \clearpage
-\pdfbookmark[1]{Use the Dashboard}{Use the Dashboard}
+%\pdfbookmark[1]{Use the Dashboard}{Use the Dashboard}
 \section*{\hypertarget{link:Use the Dashboard}{Use the Dashboard}}
+\addcontentsline{toc}{section}{Use the Dashboard}
 \label{sec:monitor:dashboard}
 The TSG Dashboard include two sub menus, Main Board and Live Chart. Main Board show general TSG system overview, endpoints, policy hits statistics. By default, the Main Board shows information of the last 24 hours. However, you can customize time range by clicking the time widget. By default, the statistics on the screen will not refresh automatically. You can turn it on and the Minimum Refresh Time is 15s. The following table describes the Main Board widgets:
@@ -54,7 +56,7 @@ Live Chart show network summary, survey statistics, throughput and protocol info
 \multicolumn{2}{l!{\vlineblack}}{Network Summary} & Displays Unique Client IP count, Sessions, Date Rate and Throughput. \\ \hline
 \multicolumn{2}{l!{\vlineblack}}{Survey Statistics} & Displays the percentage and number of Uncategorized Traffic, One-side Connections, Sequence Gap Loss and Packet Fragmentation. \\ \hline
 \multirow{4}{*}{Protocols} & Total Throughput & Displays Total Throughput in real-time by protocol. When you click the Protocol Composition pie chart, it updates dynamically. The first time to enter the page the X-axis displays 20\% of the current time scope. (Sometimes the peak data is outside the display window, so the line graph will appear empty.) You can adjust the display time window as needed. \\ \cline{2-3}
- & \tabincell{l}{Protocol\\ Composition} & Classify traffic by protocol shown in pie chart view. The pie chart shows the distribution (or percentage) of each level of protocol and the total bandwidth.\\ \cline{2-3}
+ & \tabincell{l}{Protocol\\ Composition} & Classify traffic by protocol shown in Sunburst chart view. The Sunburst chart shows the distribution (or percentage) of each level of protocol and the total bandwidth. Sunburst chart supports zoom in and out. You can also drag and reset it.\\ \cline{2-3}
 & Network Protocol Tree & It is like the Protocol Composition widget, but displayed in tree structure.\\ \cline{2-3}
 & Protocol Statistics & Displays the Sent Packets, Received Packets and Sessions of each protocol.\\ \hline
 \end{longtable}
@@ -62,8 +64,9 @@ Live Chart show network summary, survey statistics, throughput and protocol info
 \notemark\textit{You can click a specific protocol to display the detailed data about it shown in the adjacent widget: Total Throughput, Network Protocol Tree and Protocol Statistics. As you can see the three widgets change dynamically when you click different protocol. By default, the reports of ETHERNET will be displayed. For the full list of Network Protocol Tree, please refer to Appendix B Network Protocol Tree.}
-\pdfbookmark[1]{View and Manage Logs}{View and Manage Logs}
+%\pdfbookmark[1]{View and Manage Logs}{View and Manage Logs}
 \section*{\hypertarget{link:View and Manage Logs}{View and Manage Logs}}
+\addcontentsline{toc}{section}{View and Manage Logs}
 \label{sec:monitor:log}
 A log is an automatically generated, time-stamped file that provides an audit trail for network traffic events that TSG monitors. Log records contain columns, which are properties, activities, or behaviors associated with the logged event. Each log type records information for a different event type. You can see the following 4 log types in the Log pages.
@@ -80,8 +83,9 @@ A log is an automatically generated, time-stamped file that provides an audit tr
 • Radius Logs
-\pdfbookmark[2]{Log Types}{Log Types}
+%\pdfbookmark[2]{Log Types}{Log Types}
 \subsection*{\hypertarget{link:Log Types}{Log Types}}
+\addcontentsline{toc}{subsection}{Log Types}
 \label{sec:monitor:log:type}
 Security Event Logs and Proxy Event Logs
@@ -106,8 +110,9 @@ You can use the Account information in radius log to create \hyperlink{link:Subs
 Please refer to \hyperlink{link:Appendix C Log Fields Description}{\color{linkblue}{Appendix C Logs Fields Description}} for more details.
-\pdfbookmark[2]{View Logs}{View Logs}
+%\pdfbookmark[2]{View Logs}{View Logs}
 \subsection*{\hypertarget{link:View Logs}{View Logs}}
+\addcontentsline{toc}{subsection}{View Logs}
 \label{sec:monitor:log:view}
 You can view the different log types on TSG in a tabular format.
@@ -131,21 +136,31 @@ You can view the different log types on TSG in a tabular format.
 \end{enumerate}
 \end{description}
-\pdfbookmark[2]{Filter Logs}{Filter Logs}
+%\pdfbookmark[2]{Filter Logs}{Filter Logs}
 \subsection*{\hypertarget{link:Filter Logs}{Filter Logs}}
+\addcontentsline{toc}{subsection}{Filter Logs}
 \label{sec:monitor:log:filter}
-The ability to filter logs is useful for focusing on events on your TSG that possess particular attributes. Filter logs by columns that are associated with individual log records. For example, filtering by the Policy ID makes it easier to pinpoint the specific rule you want to locate, even among many similarly rules. If your ruleset is very large and contains many rules, using the rule’s Policy ID as a filter spotlights the particular rule you need to find without having to navigate through pages of results.
+The ability to filter logs is useful for focusing on events on your TSG that possess particular attributes.
+Filter logs by columns that are associated with individual log records. For example, filtering by the Policy ID makes it easier to pinpoint the specific rule you want to locate,
+even among many similarly rules. If your ruleset is very large and contains many rules, using the rule’s Policy ID
+as a filter spotlights the particular rule you need to find without having to navigate through pages of results.
+TSG log filter supports search by multiple fields in AND/OR relation. You can perform exact match search and fuzzy search using Operators. To filter logs, follow these steps:
+
 \begin{description}
 \item[STEP 1.] Select \textbf{Logs}. Select a log type from the list. For example, \textbf{Proxy Event Logs}.
- \item[STEP 2.] Select the log generated time period. By default, it shows logs of last hour.
- \item[STEP 3.] Search by one or more artifacts. For example, enter the Client IP 192.168.50.62 and Action Deny to display only entries that contain both artifacts in the log.
You can search by the following artifacts: Log ID, Policy ID, Subscriber ID, Client IP, Server IP, Server Port, Action, Sled IP, Session ID, Http.URL, Http.Domain, SSL.SNI and Schema Type.
+ \item[STEP 2.] Select the time period picker. By default, it shows logs of \textbf{Last 1 hour}.
+ \item[STEP 3.] Click \textbf{Add Filter} to add search term. The supported search fields are: Log ID, Policy ID, Subscriber ID, Client IP, Internal IP, Client Port,
+ Server IP, Server Port, External IP, Action, Sled IP, Schema Type, Data Center, Session ID, TCP Client ISN, TCP Server ISN, Http.URL, Http.Domain, SSL.SNI and SSL. JA3 hash.
+ Then, select \textbf{Operator}, such as =, !=, in, not in, like, not like, notEmpty, empty. And input the value. If you wish to add multiple search fields, click Add Filter again, and proceed.
+ TSG support \textbf{AND}/\textbf{OR} relations between search fileds. For example, enter Client IP 192.168.50.62 and Action Deny to display only entries that contain both fields in the log.
 \end{description}
-\pdfbookmark[2]{Export Logs}{Export Logs}
+%\pdfbookmark[2]{Export Logs}{Export Logs}
 \subsection*{\hypertarget{link:Export Logs}{Export Logs}}
+\addcontentsline{toc}{subsection}{Export Logs}
 \label{sec:monitor:log:export}
 You can export the contents of a log type to a xlsx file. First, Filter Logs according to time and other conditions. Then, Click the Log Export icon on the right. Wait a few seconds for the file to be generated and downloaded to your local folder.
@@ -153,8 +168,9 @@ You can export the contents of a log type to a xlsx file. First, Filter Logs acc
 \notemark\textit{Maximum export log records are 100000.}
-\pdfbookmark[1]{View and Manage Reports}{View and Manage Reports}
+%\pdfbookmark[1]{View and Manage Reports}{View and Manage Reports}
 \section*{\hypertarget{link:View and Manage Reports}{View and Manage Reports}}
+\addcontentsline{toc}{section}{View and Manage Reports}
 \label{sec:monitor:report}
 The reporting capabilities on TSG allow you to keep a pulse on your network and focus your efforts on maintaining network security for keeping your users safe and productive.
@@ -749,8 +765,9 @@ Advantages of TSG report:
 \item Report archive: Support online sending or offline exporting to report archive.
 \end{itemize}
-\pdfbookmark[1]{Take Packet Captures}{Take Packet Captures}
+%\pdfbookmark[1]{Take Packet Captures}{Take Packet Captures}
 \section*{\hypertarget{link:Take Packet Captures}{Take Packet Captures}}
+\addcontentsline{toc}{section}{Take Packet Captures}
 \label{sec:monitor:packet}
 TSG captures packets for all traffic or for specific traffic based on filters that you define. For example, you can configure TSG to only capture packets to and from a specific source and destination IP address or port. You may need to take packet captures when creating a custom application, because you have to gather information about the application.
diff --git a/content/Objects.tex b/content/Objects.tex
index 1f0ea8e..0ce574f 100644
--- a/content/Objects.tex
+++ b/content/Objects.tex
@@ -1,7 +1,8 @@
 % !TEX root = ../TSG_Administrator's_Guide_Latest_EN.tex
 %
-\pdfbookmark[0]{Objects}{Objects}
+%\pdfbookmark[0]{Objects}{Objects}
 \chapter*{\hypertarget{link:Objects}{Objects}}
+\addcontentsline{toc}{chapter}{Objects}
 \label{sec:objects}
 A policy object consists of one item or a set of collective items that groups discrete identities such as IP addresses, URLs, applications, or accounts.
@@ -46,8 +47,9 @@ Click the solid circle to unfold the referenced ancient object and click the hol
 You can reference objects and object groups in your policies. Thus, you reduce the administrative overhead in creating policies. You can identify an object by its name or ID number. The object ID never changes even if you modify the object, such as when you change the object name.
-\pdfbookmark[1]{Objects Type}{Objects Type}
+%\pdfbookmark[1]{Objects Type}{Objects Type}
 \section*{\hypertarget{link:Objects Type}{Objects Type}}
+\addcontentsline{toc}{section}{Objects Type}
 \label{sec:objects:type}
 You can create the following policy objects on TSG. A policy object consists of one or multiple items, while an object group is composed of one or multiple subordinate objects.
@@ -116,8 +118,9 @@ You can also import objects by clicking the import icon. Only csv and txt format
 Select the checkbox for objects in the list and Click \textbf{Watch} at the bottom to add to Watch List. And then you can click the star icon in the bottom right and select Object tab to view the Watch List. You can search objects by ID and Name in the list.
-\pdfbookmark[1]{IP Addresses}{IP Addresses}
+%\pdfbookmark[1]{IP Addresses}{IP Addresses}
 \section*{\hypertarget{link:IP Addresses}{IP Addresses}}
+\addcontentsline{toc}{section}{IP Addresses}
 \label{sec:objects:ip}
 An address object is a set of IP addresses that you can manage in one place and then use in multiple policy rules. You can reference the same address object in multiple policy rules without needing to specify the same individual addresses in each use. Furthermore, create an address object on TSG to group IP addresses, and then reference the address object in a policy rule to avoid having to individually specify multiple IP addresses in the rule. For example, you can create an address object that specifies an IPv4 address range and then reference the address object in a Security policy rule.
@@ -154,8 +157,9 @@ You can perform the following to create an IP object:
 \item[STEP 9.] Click \textbf{OK}.
 \end{description}
-\pdfbookmark[2]{IP Libraries}{IP Libraries}
+%\pdfbookmark[2]{IP Libraries}{IP Libraries}
 \subsection*{\hypertarget{link:IP Libraries}{IP Libraries}}
+\addcontentsline{toc}{subsection}{IP Libraries}
 \label{sec:objects:ip:library}
 IP Libraries map geographic locations to IP addresses. TSG provides built-in IP libraries, so you can select Geography Sub Type when creating IP Address object. You can also import your own geography and IP addresses mappings.
@@ -179,8 +183,9 @@ The following steps guide you to Create Geography:
 You can \textbf{Edit} or \textbf{Delete} imported Geography. When editing built-in geography, please operate with caution.
-\pdfbookmark[1]{Subscriber IDs}{Subscriber IDs}
+%\pdfbookmark[1]{Subscriber IDs}{Subscriber IDs}
 \section*{\hypertarget{link:Subscriber IDs}{Subscriber IDs}}
+\addcontentsline{toc}{section}{Subscriber IDs}
 \label{sec:objects:subscriber}
 You can create Subscriber ID to keep track of Radius traffic user. After you create Subscriber ID object, you can use it in your policy rule and Active Subscriber ID will be shown in your dashboard.
@@ -197,8 +202,9 @@ You can perform the following to create a Subscriber ID:
 \item[STEP 6.] Click \textbf{OK}.
 \end{description}
-\pdfbookmark[1]{Categories}{Categories}
+%\pdfbookmark[1]{Categories}{Categories}
 \section*{\hypertarget{link:Categories}{Categories}}
+\addcontentsline{toc}{section}{Categories}
 \label{sec:objects:category}
 Category classifies websites based on site content, features, safety and so on. TSG firewall has built-in categories.
@@ -206,8 +212,9 @@ Category classifies websites based on site content, features, safety and so on.
 Please refer to \hyperlink{link:Appendix A Built-in Category}{\color{linkblue}{Appendix A Built-in Category}} for more details.
-\pdfbookmark[1]{Applications}{Applications}
+%\pdfbookmark[1]{Applications}{Applications}
 \section*{\hypertarget{link:Applications}{Applications}}
+\addcontentsline{toc}{section}{Applications}
 \label{sec:objects:application}
 An application is any program, or group of programs, that is designed for the end user to perform an activity. Applications enables visibility into the applications on the network, so you can category them and understand their characteristics and their relative risk. This application knowledge allows you to create and enforce security policy rules to allow and inspect applications and deny unwanted applications. When you use policy rules to control traffic, applications can classify traffic without any additional configuration.
@@ -221,8 +228,9 @@ The firewall identifies application with predefined and customized signature. Th
 When creating a security policy, there are built-in protocols and well-known Applications and customized Applications in the list. You can search the application you want to fill in. You can also use application selector and group as objects in policy
-\pdfbookmark[2]{Signatures}{Signatures}
+%\pdfbookmark[2]{Signatures}{Signatures}
 \subsection*{\hypertarget{link:Signatures}{Signatures}}
+\addcontentsline{toc}{subsection}{Signatures}
 \label{sec:objects:application:signature}
 In TSG, application is composed of App ID, Properties and Signature Sequence. App ID is the unique identification of Application. Application Properties include Category, Subcategory, Technology, Risk and Characteristics. You can create Application Selector based on application Properties. Signature refers to the expression of network traffic attributes in a specific scope. Traffic Attribute is a piece of information which obtained from network transfer unit. Signature Sequence is the signatures of the application that appear in a certain order. There is a sequential "and" relationship between signatures.
@@ -265,8 +273,9 @@ The following demonstrates how to create a customized signature.
 You can \textbf{Edit} or \textbf{Delete} your signature and reference one or multiple signatures when creating application object.
-\pdfbookmark[2]{Customized Attributes}{Customized Attributes}
+%\pdfbookmark[2]{Customized Attributes}{Customized Attributes}
 \subsection*{\hypertarget{link:Customized Attributes}{Customized Attributes}}
+\addcontentsline{toc}{subsection}{Customized Attributes}
 \label{sec:objects:application:attribute}
 The traffic attribute is the information obtained after the analysis of the network transmission unit. The attributes used by the App recognition can be found in \textbf{Appendix F Best Practices} > \textbf{\hyperlink{link:Custom Application}{\color{linkblue}{Custom Application}}}.
@@ -295,8 +304,9 @@ The following is a basic example of how to create a customized attribute.
 You can \textbf{Edit} or \textbf{Delete} your customized attributes and download the Uploaded File.
-\pdfbookmark[2]{Custom Application}{Custom Application}
+%\pdfbookmark[2]{Custom Application}{Custom Application}
 \subsection*{\hypertarget{link:Custom Application}{Custom Application}}
+\addcontentsline{toc}{subsection}{Custom Application}
 \label{sec:objects:application:customize}
 Applications allow you classify all traffic, across all ports, all the time. To ensure that your internal custom applications do not show up as unknown traffic, you can create a custom application. Then practice granular policy control over these applications to minimize the range of unidentified traffic on your network.
@@ -364,8 +374,9 @@ The following is a basic example of how to create a custom application.
 \end{enumerate}
 \end{description}
-\pdfbookmark[2]{Application Selector}{Application Selector}
+%\pdfbookmark[2]{Application Selector}{Application Selector}
 \subsection*{\hypertarget{link:Application Selector}{Application Selector}}
+\addcontentsline{toc}{subsection}{Application Selector}
 \label{sec:objects:application:selector}
 An application selector is an object that dynamically groups applications based on application attributes that you define, including category, subcategory, technology, risk and characteristics. This is useful when you want to enable access to applications that you do not explicitly sanction, but that you want users to be able to access. For example, you may want to enable employees to choose their own office programs, such as Evernote, Google Docs, or Microsoft Office, for business use. To enable these types of applications, you could create an application selector that matches on the Category business-systems and the Subcategory office-programs. As new applications office programs emerge, these new applications will automatically match the selector you defined; you don’t have to make any additional changes to your policy rules to enable any application that matches the attributes you defined for the selector.
@@ -378,8 +389,9 @@ An application selector is an object that dynamically groups applications based
 When you have adjusted the filter attributes to match the types of applications you want to safely enable, click \textbf{OK}.
 \end{description}
-\pdfbookmark[2]{Application Group}{Application Group}
+%\pdfbookmark[2]{Application Group}{Application Group}
 \subsection*{\hypertarget{link:Application Group}{Application Group}}
+\addcontentsline{toc}{subsection}{Application Group}
 \label{sec:objects:application:group}
 An application group is an object that contains applications that you want to treat similarly in a policy. Application groups are useful for allow or deny access to applications that you explicitly sanction or forbid. Grouping sanctioned or forbidden applications simplifies administration of your rules. Instead of having to update individual policy rules when there is a change in the applications you sanction or deny, you can update only the affected application groups.
@@ -395,8 +407,9 @@ When deciding how to group applications, consider how you plan to enforce access
 \item[STEP 5.] Click \textbf{OK}.
 \end{description}
-\pdfbookmark[1]{Configure Object Group}{Configure Object Group}
+%\pdfbookmark[1]{Configure Object Group}{Configure Object Group}
 \section*{\hypertarget{link:Configure Object Group}{Configure Object Group}}
+\addcontentsline{toc}{section}{Configure Object Group}
 \label{sec:objects:group}
 A policy object consists of one or multiple items, while an object group is composed of one or multiple subordinate objects. An object group is also considered as an object. Typically, when creating a policy object, you organize objects that require similar permissions in policy. One object is allowed to reference same type objects as subordinate objects, but not allowed to add items in object. For example, An IP object defines a set of single address, whereas an IP object group can define more than one address object. By grouping objects, you can significantly reduce the administrative overhead in creating policies. You can create object group for all types of objects.
diff --git a/content/Policies.tex b/content/Policies.tex
index 37d7d0c..0f7c171 100644
--- a/content/Policies.tex
+++ b/content/Policies.tex
@@ -1,7 +1,8 @@
 % !TEX root = ../TSG_Administrator's_Guide_Latest_EN.tex
 %
-\pdfbookmark[0]{Policies}{Policies}
+%\pdfbookmark[0]{Policies}{Policies}
 \chapter*{\hypertarget{link:Policies}{Policies}}
+\addcontentsline{toc}{chapter}{Policies}
 \label{sec:policies}
 The policy is the axis around which most features of TSG revolve. Many TSG settings end up relating to or being associated with the policies and the traffic they govern.
@@ -24,8 +25,9 @@ the traffic is scanned and a log is generated. If it is Intercept, the traffic i
 }
 \clearpage
-\pdfbookmark[1]{Policy Concepts}{Policy Concepts}
+%\pdfbookmark[1]{Policy Concepts}{Policy Concepts}
 \section*{\hypertarget{link:Policy Concepts}{Policy Concepts}}
+\addcontentsline{toc}{section}{Policy Concepts}
 \label{sec:policies:concepts}
 Policies allow you to enforce rules and take action. From TSG’s perspective, network packets are first resembled to a session, and identified as many manageable attributes.
@@ -46,8 +48,9 @@ The policy ID allows you to track the rule across rules even after you disable t
 \notemark\textit{Note that activation of policy rules on all devices is no more than 1 minute. For details about capacities of policies and URLs/URIs, and other system parameters, see \textcolor{darkblue}{\textbf{\underline{ADC-L404 Datasheet}}}.}
-\pdfbookmark[2]{Rule Types}{Rule Types}
+%\pdfbookmark[2]{Rule Types}{Rule Types}
 \subsection*{\hypertarget{link:Rule Types}{Rule Types}}
+\addcontentsline{toc}{subsection}{Rule Types}
 \label{sec:policies:concepts:types}
 TSG supports a variety of policy types that work together to safely enable applications on your network. The different types of policy rules that you can create on TSG are:\\
@@ -65,8 +68,9 @@ TSG supports a variety of policy types that work together to safely enable appli
 \end{longtable}
 %end{table}
-\pdfbookmark[2]{Policy Conditions}{Policy Conditions}
+%\pdfbookmark[2]{Policy Conditions}{Policy Conditions}
 \subsection*{\hypertarget{link:Policy Conditions}{Policy Conditions}}
+\addcontentsline{toc}{subsection}{Policy Conditions}
 \label{sec:policies:concepts:conditions}
 Each rule has a set of conditions. All criteria need to match if the rule action is to be used. The order of each condition in the list is irrelevant.
@@ -90,8 +94,9 @@ Take HTTP as an example, possible values of its Filter can be Host, URL, Request For more details about policy objects, see \hyperlink{link:Objects}{\color{linkblue}{Objects}}. -\pdfbookmark[2]{Policy Hierarchy and Evaluation Order}{Policy Hierarchy and Evaluation Order} +%\pdfbookmark[2]{Policy Hierarchy and Evaluation Order}{Policy Hierarchy and Evaluation Order} \subsection*{\hypertarget{link:Policy Hierarchy and Evaluation Order}{Policy Hierarchy and Evaluation Order}} +\addcontentsline{toc}{subsection}{Policy Hierarchy and Evaluation Order} \label{sec:policies:concepts:order} TSG firewall uses a network stack to process the packet, like the OSI model. When a network packet passes through, it will be parsed and resembled to a network session. @@ -182,8 +187,9 @@ until the application is identified, at which time the security rules are re-eva For more details about how TSG process packet flow, please see \hyperlink{link:Appendix E TSG Packet Flow}{\color{linkblue}{Appendix E TSG Packet Flow}}. -\pdfbookmark[1]{Security Policy}{Security Policy} +%\pdfbookmark[1]{Security Policy}{Security Policy} \section*{\hypertarget{link:Security Policy}{Security Policy}} +\addcontentsline{toc}{section}{Security Policy} \label{sec:policies:security} Security policies determine whether to deny, allow, monitor or intercept a session based on initial session attributes, 
@@ -201,8 +207,9 @@ A packet is matched against the first rule that meets the defined criteria and, Session that matches a rule generates a log entry at the end of the session in the security event log if you enable logging for that rule. The logging options are configurable for each rule. -\pdfbookmark[2]{Components of a Security Policy Rule}{Components of a Security Policy Rule} +%\pdfbookmark[2]{Components of a Security Policy Rule}{Components of a Security Policy Rule} \subsection*{\hypertarget{link:Components of a Security Policy Rule}{Components of a Security Policy Rule}} +\addcontentsline{toc}{subsection}{Components of a Security Policy Rule} \label{sec:policies:security:component} The Security policy rule construct permits a combination of the required and optional fields as detailed in the following table:\\ 
@@ -215,7 +222,7 @@ The Security policy rule construct permits a combination of the required and opt & Application & The application that you wish to control. It provides application control and visibility in creating security policies that block unknown applications, while enabling, inspecting, and shaping those that are allowed. For more information, see \textbf{Objects} > \textbf{Applications} and \hyperlink{link:Appendix B Predefined Applications}{\color{linkblue}{Appendix B Predefined Application}}.\\ \hline \multirow{9}{*}{Optional} & Source & Define host IP addresses, address groups, Subscriber ID, IP Learning, or Geographic enforcement.\\ \cline{2-3} & Destination & The location or destination for the packet. Define host IP addresses, address groups, IP Learning, or Geographic enforcement.\\ \cline{2-3} - & Filter & All web traffics are compared against the filtering, giving you a way to safely control how your users interact with online content. You will have Filter available when you select only one of the following protocols: HTTP, SSL, DNS, MAIL, FTP and QUIC in Applicationfield.\\ \cline{2-3} + & Filter & All web traffics are compared against the filtering, giving you a way to safely control how your users interact with online content. You will have Filter available when you select only one of the following protocols: HTTP, SSL, DNS, MAIL, FTP, QUIC and SIP in Applicationfield.\\ \cline{2-3} & Tag & A keyword or phrase that help you to identify the policy. \\ \cline{2-3} & Effective Devices & Select the devices that the security rule will be applied.\\ \cline{2-3} & Schedule & Schedule when (day and time) the security rule should be in effect. \\ \cline{2-3} 
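Review bot: The rewritten Filter row still ends with the run-together `Applicationfield`, and its opening sentence still describes the filter as applying to "All web traffics" even though the protocol list now includes SIP alongside DNS, MAIL and FTP. Since the line is already being touched, I would change the ending to `in the Application field.` and reword the lead-in to something protocol-neutral such as `Traffic of the selected protocol is compared against the filter`. The table this row belongs to starts and ends outside the hunk.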
@@ -224,8 +231,9 @@ The Security policy rule construct permits a combination of the required and opt & Enabled & Only enabled policies will be enforced.\\ \hline \end{longtable} -\pdfbookmark[2]{Actions}{Security Actions} +%\pdfbookmark[2]{Actions}{Security Actions} \subsection*{\hypertarget{link:Security Actions}{Actions}} +\addcontentsline{toc}{subsection}{Actions} \label{sec:policies:security:action} For traffic that matches the attributes defined in a security policy, you can apply the following actions:\\ @@ -251,8 +259,9 @@ For traffic that matches the attributes defined in a security policy, you can ap Monitor & Scan all allowed traffic and generate a detailed log.\\\hline \end{longtable} -\pdfbookmark[2]{Applications and Filters}{Security Applications and Filters} +%\pdfbookmark[2]{Applications and Filters}{Security Applications and Filters} \subsection*{\hypertarget{link:Security Applications and Filters}{Applications and Filters}} +\addcontentsline{toc}{subsection}{Applications and Filters} \label{sec:policies:security:filter} AppSketch is a traffic classification system available in TSG firewalls, determines what an application is irrespective of port, protocol, @@ -279,7 +288,7 @@ and their relative risk. When you define policy rules to control traffic, applic \end{longtable} -You will have Filter available when you select only one of the following protocols: HTTP, SSL, DNS, MAIL, FTP and QUIC. +You will have Filter available when you select only one of the following protocols: HTTP, SSL, DNS, MAIL, FTP, QUIC and SIP. The following table lists different Filter fields for each protocol and the available object type you can select for each filter field, it also shows whether each filter field support allow, deny, monitor and intercept action or not. 
@@ -329,6 +338,8 @@ it also shows whether each filter field support allow, deny, monitor and interce \multirow{3}{*}{FTP} & URI & URLs & \xmark & \cmark & \cmark & \xmark \\ \cline{2-7} & Content & Keywords & \xmark & \cmark & \cmark & \xmark \\ \cline{2-7} & Account & Accounts & \xmark & \cmark & \cmark & \xmark \\ \hline + \multirow{2}{*}{\tabincell{l}{SIP(used in\\ VoIP)}} & Originator Description & \multirow{2}{*}{\tabincell{l}{Accounts}} & \cmark & \cmark & \cmark & \xmark \\ \cline{2-2}\cline{4-7} + & Responder Description & & \cmark & \cmark & \cmark & \xmark \\ \hline \end{longtable} 
@@ -365,8 +376,24 @@ There are three factors in evaluation of policies. They are condition, action an For more details about how TSG process packet flow, please see \textbf{\hyperlink{link:Appendix E TSG Packet Flow}{\color{linkblue}{Appendix E TSG Packet Flow}}}. -\pdfbookmark[2]{Allow Rules}{Allow Rules} +%\pdfbookmark[3]{Voice over Internet Protocol}{Voice over Internet Protocol} +\subsubsection*{\hypertarget{link:Voice over Internet Protocol}{Voice over Internet Protocol}} +\addcontentsline{toc}{subsubsection}{Voice over Internet Protocol} +\label{sec:policies:security:intercept:option} + +Voice over Internet Protocol (VoIP) has become more and more popular as an alternative to the traditional public switched telephone network (PSTN). +VoIP mainly uses RTP as its media protocol to deliver multimedia sessions and SIP for signaling. + + +TSG supports allow, deny and monitor VoIP based on IP address and/or accounts and you can view its logs, including play the audio file. +For now, TSG only supports the mentioned actions above with VoIP calls using SIP for signaling and RTP for delivering audio data. + + +To view detailed description about VoIP log fields, see \textbf{Appendix C Log Fields Description} > \textbf{Log Fields per Protocol} > \textbf{\hyperlink{link:SIP}{\color{linkblue}{SIP}}} and \textbf{\hyperlink{link:RTP}{\color{linkblue}{RTP}}}. + +%\pdfbookmark[2]{Allow Rules}{Allow Rules} \subsection*{\hypertarget{link:Allow Rules}{Allow Rules}} +\addcontentsline{toc}{subsection}{Allow Rules} \label{sec:policies:security:allow} TSG allows the network traffic to pass through, without apply further policy checking. You can define traffic that you choose not to enforce policies because of business, 
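Review bot: The new Voice over Internet Protocol subsubsection reuses `\label{sec:policies:security:intercept:option}`, which the Intercept Options subsubsection in the following hunk already carries, so LaTeX will warn about a multiply defined label and any `\ref` to that key becomes ambiguous. Give the VoIP heading its own key, for example `\label{sec:policies:security:voip}`. The added paragraph also says the logs include playable call audio without stating which rule action causes audio to be recorded or which administrator roles can open those recordings. One sentence on that would help operators scope access to call content.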
@@ -376,8 +403,9 @@ regulatory, personal, or other reasons, such as financial, health, military, or Generally, allow policies need not generate logs. However, if you enable Log Session, traffic that matches the allow policy rule will also be logged in Event Logs. If you wish to have logs, it is recommended to create monitor rules with Log Session enabled, which will have the same effect. -\pdfbookmark[2]{Intercept Rules}{Intercept Rules} +%\pdfbookmark[2]{Intercept Rules}{Intercept Rules} \subsection*{\hypertarget{link:Intercept Rules}{Intercept Rules}} +\addcontentsline{toc}{subsection}{Intercept Rules} \label{sec:policies:security:intercept} Security policy with intercept action allows you to define traffic that you want the Proxy to terminate. Both HTTP and HTTPS sessions could be terminated. @@ -391,8 +419,9 @@ Thus, the server certificate is replaced and content is decrypted. You can specify different keyrings for individual intercept policy. If not, the Proxy uses the default keyring for trusted website. Keyrings are managed via \textbf{Certificate Managements} > \textbf{\hyperlink{link:Decryption Keyrings}{\color{linkblue}{Decryption Keyrings}}}. -\pdfbookmark[3]{Intercept Options}{Intercept Options} +%\pdfbookmark[3]{Intercept Options}{Intercept Options} \subsubsection*{\hypertarget{link:Intercept Options}{Intercept Options}} +\addcontentsline{toc}{subsubsection}{Intercept Options} \label{sec:policies:security:intercept:option} While policy objects enable you to identify traffic to enforce policies, policy profiles help you define further action. 
@@ -408,8 +437,9 @@ namely Keyring, Mirror Decrypted Traffic and Decryption Profile. They serve as y • You can use decryption-default for your Decryption Profile, or you can select different one from drop-down and create new ones. For more details, see \hyperlink{link:Decryption Profile}{\color{linkblue}{Decryption Profile}}. -\pdfbookmark[3]{Proxy Limitations}{Proxy Limitations} +%\pdfbookmark[3]{Proxy Limitations}{Proxy Limitations} \subsubsection*{\hypertarget{link:Proxy Limitations}{Proxy Limitations}} +\addcontentsline{toc}{subsubsection}{Proxy Limitations} \label{sec:policies:security:intercept:limitation} There are two types of traffic that exclude from decryption. They are the proxy limitations. One is that you choose not to decrypt because of business, regulatory, @@ -438,8 +468,10 @@ For more details, see \hyperlink{link:SSL Decryption Exclulsion}{\color{linkblue If you wish to exclude FQDN from decryption, create an SSL Decryption Exclusion item and it will immediately become effective. For policies that match SSL Decryption Exclusion are evaluated before intercept policies. -\pdfbookmark[3]{Intercept Trouble Shooting}{Intercept Trouble Shooting} +%\pdfbookmark[3]{Intercept Trouble Shooting}{Intercept Trouble Shooting} \subsubsection*{\hypertarget{link:Intercept Trouble Shooting}{Intercept Trouble Shooting}} +\addcontentsline{toc}{subsubsection}{Intercept Trouble Shooting} +\addtocontents{toc}{\protect\newpage} \label{sec:policies:security:intercept:troubleshooting} You can find out if the interception is successful by checking if the certificates are issued by your pre-configured Root CA. 
@@ -483,8 +515,9 @@ For more details, see \textbf{Proxy Profiles} > \textbf{\hyperlink{link:Trusted - Force users to use browsers only. If you must decrypt traffic to the site, you will need to inform users that they cannot use the site’s app when connecting through your network, that they must use their browsers only. -\pdfbookmark[2]{Create a Security Policy Rule}{Create a Security Policy Rule} +%\pdfbookmark[2]{Create a Security Policy Rule}{Create a Security Policy Rule} \subsection*{\hypertarget{link:Create a Security Policy Rule}{Create a Security Policy Rule}} +\addcontentsline{toc}{subsection}{Create a Security Policy Rule} \label{sec:policies:security:create} \begin{description} @@ -551,8 +584,9 @@ You can search policies by ID and Name in the list. The Watch feature gives you \notemark\textit{Policy No. 0: For traffic that passes through TSG but does not hit any policies, the traffic is executed according to policy No. 0. The conditions of policy No. 0 are all any, and by default the action is Allow. Policy No. 0 is forbidden to edit.} -\pdfbookmark[1]{Proxy Policy}{Proxy Policy} +%\pdfbookmark[1]{Proxy Policy}{Proxy Policy} \section*{\hypertarget{link:Proxy Policy}{Proxy Policy}} +\addcontentsline{toc}{section}{Proxy Policy} \label{sec:policies:proxy} Proxy policy instructs the proxy how to manipulate a session. Manipulation requires targeted sessions are intercepted in security policies. An individual manipulation policy rules determine whether to allow, monitor, deny or manipulate a session based on traffic attributes. Valid objects depend on specific action. 
@@ -563,8 +597,9 @@ Proxy policy works correctly on all platforms, including Windows, Linux, MacOS, For the site which breaks decryption for certificate pinning, the proxy only can bypass or deny the traffic based on your configuration. For more details, see \hyperlink{link:Decryption}{\color{linkblue}{Decryption}}. -\pdfbookmark[2]{Components of a Proxy Policy Rule}{Components of a Proxy Policy Rule} +%\pdfbookmark[2]{Components of a Proxy Policy Rule}{Components of a Proxy Policy Rule} \subsection*{\hypertarget{link:Components of a Proxy Policy Rule}{Components of a Proxy Policy Rule}} +\addcontentsline{toc}{subsection}{Components of a Proxy Policy Rule} \label{sec:policies:proxy:component} The Proxy Policy rule construct permits a combination of the required and optional fields as detailed in the following table: @@ -588,8 +623,9 @@ The Proxy Policy rule construct permits a combination of the required and option & Enabled & Only enabled policies will be enforced.\\ \hline \end{longtable} -\pdfbookmark[2]{Actions}{Proxy Actions} +%\pdfbookmark[2]{Actions}{Proxy Actions} \subsection*{\hypertarget{link:Proxy Actions}{Actions}} +\addcontentsline{toc}{subsection}{Actions} \label{sec:policies:proxy:action} For traffic that matches the attributes defined in a proxy policy, you can apply the following actions: 
@@ -613,8 +649,9 @@ For traffic that matches the attributes defined in a proxy policy, you can apply Insert & The Proxy insert a “js” or “css” scripts to webpages. More details of uploading a script, see \textbf{Proxy Profile} > \textbf{\hyperlink{link:Insert Scripts}{\color{linkblue}{Insert Scripts}}}.\\ \hline \end{longtable} -\pdfbookmark[2]{Applications and Filters}{Proxy Applications and Filters} +%\pdfbookmark[2]{Applications and Filters}{Proxy Applications and Filters} \subsection*{\hypertarget{link:Proxy Applications and Filters}{Applications and Filters}} +\addcontentsline{toc}{subsection}{Applications and Filters} \label{sec:policies:proxy:filter} Only two basic protocol HTTP and DoH are available for the Application in proxy policy. The following table lists different Filter fields for the two protocols and the available object type you can select for each filter field, it also shows whether each filter field support allow, deny, monitor, redirect, replace, hijack and insert action or not. @@ -695,8 +732,9 @@ There are three factors in evaluation of policies. They are condition, action an For more details about how TSG process packet flow, please see \textbf{\hyperlink{link:Appendix E TSG Packet Flow}{\color{linkblue}{Appendix E TSG Packet Flow}}}. -\pdfbookmark[2]{Create a Proxy Policy Rule}{Create a Proxy Policy Rule} +%\pdfbookmark[2]{Create a Proxy Policy Rule}{Create a Proxy Policy Rule} \subsection*{\hypertarget{link:Create a Proxy Policy Rule}{Create a Proxy Policy Rule}} +\addcontentsline{toc}{subsection}{Create a Proxy Policy Rule} \label{sec:policies:proxy:create} \begin{description} 
@@ -751,8 +789,9 @@ You can also import policies by clicking the import icon. Only json and txt form Select the checkbox for policies in the list and Click \textbf{Watch} at the bottom to add to Watch List. And then you can click the star icon in the bottom right and select Policy tab to view the Watch List. You can search policies by ID and Name in the list. -\pdfbookmark[1]{Schedules}{Schedules} +%\pdfbookmark[1]{Schedules}{Schedules} \section*{\hypertarget{link:Schedules}{Schedules}} +\addcontentsline{toc}{section}{Schedules} \label{sec:policies:schedules} Schedules is the time frame that is applied to the policy or report. Schedules allow you to control the time period for which security rules and proxy rules are in effect. This can be something as simple as a time range that the sessions are allowed to start such as between 8:00 am and 5:00 pm. Something more complex like business hours that include a break for lunch and time of the session’s initiation may need assign multiple schedules to a policy because it will require multiple time ranges. You can then apply these schedules to the rules and reports. @@ -784,8 +823,9 @@ Perform the following to create a schedule. \item[STEP 5.] Click \textbf{OK}. \end{description} -\pdfbookmark[1]{Verify Policy Rules}{Verify Policy Rules} +%\pdfbookmark[1]{Verify Policy Rules}{Verify Policy Rules} \section*{\hypertarget{link:Verify Policy Rules}{Verify Policy Rules}} +\addcontentsline{toc}{section}{Verify Policy Rules} \label{sec:policies:verify} Verify the policy rules in your running configuration to ensure that your policies appropriately allow and deny traffic and access to applications and websites in compliance with your business needs and requirements. diff --git a/content/copypage.tex b/content/copypage.tex new file mode 100644 index 0000000..d32efd3 --- /dev/null +++ b/content/copypage.tex 
@@ -0,0 +1,18 @@ +% ------------------------------------ --> copyright +{ + \pdfbookmark[0]{Copyright}{Copyright} + + \large\textbf{Contact Information} \\ + \sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\\ + \\ + \\ + \large \textbf{Copyright} \\ + \sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\\ + © The copyright of this user manual is owned by \sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow. Without the permission and authorization of \sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow , + any organization or person shall not use, copy or disseminate any text, content and pictures contained in this manual for any reason, + in any way or by any means (electronic or mechanical).\\ + \\ + \\ + \large \textbf{Last Revised} \\ + \thesisDate \\ +} diff --git a/content/titlepage.tex b/content/titlepage.tex index 3372417..2b63164 100644 --- a/content/titlepage.tex +++ b/content/titlepage.tex @@ -16,22 +16,4 @@ \end{titlepage} -% ------------------------------------ --> copyright -{ - \pdfbookmark[0]{Copyright}{Copyright} - - \large\textbf{Contact Information} \\ - \sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\\ - \\ - \\ - \large \textbf{Copyright} \\ - \sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\\ - © The copyright of this user manual is owned by \sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow. Without the permission and authorization of \sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow\sixsnow , - any organization or person shall not use, copy or disseminate any text, content and pictures contained in this manual for any reason, - in any way or by any means (electronic or mechanical).\\ - \\ - \\ - \large \textbf{Last Revised} \\ - \thesisDate \\ -} 
diff --git a/images/pakcet_life_2020.pdf_tex b/images/pakcet_life_2020.pdf_tex index 2b60c51..832f658 100644 --- a/images/pakcet_life_2020.pdf_tex +++ b/images/pakcet_life_2020.pdf_tex @@ -60,7 +60,8 @@ \put(0,0){\includegraphics[width=\unitlength,page=3]{images/pakcet_life_2020.pdf}}% \put(0.22134901,0.69069077){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Tunnel protocol[2]?\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=4]{images/pakcet_life_2020.pdf}}% - \put(0.40525013,0.69833523){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Tunnel\\ Decapsulation\end{tabular}}}}% + \put(0.40525013,0.69833523){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Tunnel\end{tabular}}}}% + \put(0.37525013,0.68333523){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Decapsulation\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=5]{images/pakcet_life_2020.pdf}}% \put(0.3535372,0.69132331){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Y\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=6]{images/pakcet_life_2020.pdf}}% 
@@ -89,7 +90,8 @@ \put(0,0){\includegraphics[width=\unitlength,page=17]{images/pakcet_life_2020.pdf}}% \put(0.51723327,0.32216048){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Policy match?\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=18]{images/pakcet_life_2020.pdf}}% - \put(0.5233782,0.26963662){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Take action\\ (allow,deny,monitor)\end{tabular}}}}% + \put(0.5233782,0.26963662){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Take action\end{tabular}}}}% + \put(0.4933782,0.25463662){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}(allow,deny,monitor)\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=19]{images/pakcet_life_2020.pdf}}% \put(0.68511831,0.45492814){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}TCP Stack\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=20]{images/pakcet_life_2020.pdf}}% 
@@ -99,13 +101,15 @@ \put(0,0){\includegraphics[width=\unitlength,page=22]{images/pakcet_life_2020.pdf}}% \put(0.66632267,0.27423315){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Build SSL Session\\ (Cliend-Side)\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=23]{images/pakcet_life_2020.pdf}}% - \put(0.81956387,0.52565847){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}L7 Decoder\\ (HTTP, HTTP/2, etc)\end{tabular}}}}% + \put(0.81956387,0.52565847){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}L7 Decoder\end{tabular}}}}% + \put(0.78956387,0.51065847){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}(HTTP, HTTP/2, etc)\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=24]{images/pakcet_life_2020.pdf}}% \put(0.79848644,0.45523804){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Proxy Policy lookup\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=25]{images/pakcet_life_2020.pdf}}% \put(0.80606413,0.39245998){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Policy Matched?\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=26]{images/pakcet_life_2020.pdf}}% - \put(0.81844951,0.33732217){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Take Action\\ (allow, replace, etc)\end{tabular}}}}% + \put(0.81844951,0.33732217){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Take Action\end{tabular}}}}% + \put(0.79844951,0.32232217){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}(allow, replace, etc)\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=27]{images/pakcet_life_2020.pdf}}% 
\put(0.84671407,0.36235088){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Y\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=28]{images/pakcet_life_2020.pdf}}% @@ -115,7 +119,8 @@ \put(0,0){\includegraphics[width=\unitlength,page=30]{images/pakcet_life_2020.pdf}}% \put(0.63407293,0.48209532){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}y\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=31]{images/pakcet_life_2020.pdf}}% - \put(0.48636959,0.17562342){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Tunnel\\ Encapsulation\end{tabular}}}}% + \put(0.48636959,0.17562342){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Tunnel\end{tabular}}}}% + \put(0.46336959,0.16062342){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Encapsulation\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=32]{images/pakcet_life_2020.pdf}}% \put(0.47268518,0.10687034){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Send Packet\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=33]{images/pakcet_life_2020.pdf}}% 
@@ -129,19 +134,21 @@ \put(0.08213789,0.03849434){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}[2] Tunnel protocols: PPPOE, IPIP, GRE, PPTP, L2TP, Teredo, GTP \end{tabular}}}}% \put(0.08213789,0.02349434){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}[3] L7 Decoded Protocols: HTTP, SSL/TLS, DNS, MAIL(SMTP, POP3, IMAP), FTP and QUIC \end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=36]{images/pakcet_life_2020.pdf}}% - \put(0.26610194,0.63440672){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}IP\\ Defragmentation\end{tabular}}}}% + \put(0.26610194,0.63440672){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}IP\end{tabular}}}}% + \put(0.22610194,0.619440672){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Defragmentation\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=37]{images/pakcet_life_2020.pdf}}% \put(0.26782868,0.65748263){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}N\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=38]{images/pakcet_life_2020.pdf}}% - \put(0.56978039,0.77718568){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Session Lookup\end{tabular}}}}% + \put(0.55978039,0.77718568){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Session Lookup\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=39]{images/pakcet_life_2020.pdf}}% - \put(0.72557827,0.6419271){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Session\\ Maintenance\end{tabular}}}}% + \put(0.72557827,0.6419271){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Session\end{tabular}}}}% + 
\put(0.69557827,0.6269271){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Maintenance\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=40]{images/pakcet_life_2020.pdf}}% \put(0.57359789,0.71325403){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}New Session?\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=41]{images/pakcet_life_2020.pdf}}% \put(0.51730332,0.81906453){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Session Setup/ Maintenance\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=42]{images/pakcet_life_2020.pdf}}% - \put(0.57226171,0.63428579){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Session Setup\end{tabular}}}}% + \put(0.56226171,0.63428579){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}Session Setup\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=43]{images/pakcet_life_2020.pdf}}% \put(0.73744043,0.71388971){\color[rgb]{0,0,0}\makebox(0,0)[lt]{\tiny\lineheight{1.25}\smash{\begin{tabular}[t]{l}N\end{tabular}}}}% \put(0,0){\includegraphics[width=\unitlength,page=44]{images/pakcet_life_2020.pdf}}% |
