NVForceWareNetworkGuide_1stEd.pdf

NVIDIA ForceWare Networking and
Firewall Administrator’s Guide
Software Version 1.0
NVIDIA Corporation
February 2004 -- 1st Edition
NVIDIA ForceWare Networking
Administrator’s Guide
Published by
NVIDIA Corporation
2701 San Tomas Expressway
Santa Clara, CA 95050
Copyright © 2004 NVIDIA Corporation. All rights reserved.
This software may not, in whole or in part, be copied through any means, mechanical, electromechanical, or
otherwise, without the express permission of NVIDIA Corporation.
Information furnished is believed to be accurate and reliable. However, NVIDIA assumes no responsibility for the
consequences of use of such information nor for any infringement of patents or other rights of third parties, which
may result from its use. No License is granted by implication or otherwise under any patent or patent rights of
NVIDIA Corporation.
Specifications mentioned in the software are subject to change without notice.
NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems
without express written approval of NVIDIA Corporation.
NVIDIA, the NVIDIA logo, nForce, and ForceWare are registered trademarks or trademarks of NVIDIA Corporation
in the United States and/or other countries.
Microsoft, Windows, Windows logo and/or other Microsoft products referenced in this guide are either registered
trademarks or trademarks of Microsoft Corporation in the U.S. and/or other countries.
Other company and product names may be trademarks or registered trademarks of the respective owners with which
they are associated.
Table of Contents

1. Introduction
Audience
About NVIDIA ForceWare Network Access Manager
Command Line Interface (CLI)
Web-based Interface
Sample Web Pages
WMI Script
About Security
NVIDIA Firewall
Key Features: NVIDIA Personal and Professional Firewall
Anti-Hacking Features: NVIDIA Professional Firewall only
Summary of NVIDIA Firewall Features
System Requirements
General Requirements
Hardware Requirements
Operating Systems
Software, Memory, and Disk Space Requirements
NVIDIA Firewall and Ethernet Parameters Reference

2. Installation Guidelines
Overview of NVIDIA ForceWare Network Installation
Locating the ForceWare Network Installer
Before Using the ForceWare Network Installer
Running the ForceWare Network Installer
Creating the Response File
Running Installation in Silent Mode
Launching the ForceWare Network Access Manager Web Interface
Configuration Deployment

3. NVIDIA Firewall: Basic Concepts
Types of Firewalls
Stateful vs. Stateless
Inbound vs. Outbound Packets
About the TCP Protocol
About the UDP and ICMP Protocols
UDP
ICMP
Stateful Filtering
Stateless Filtering

4. Configuring the NVIDIA Firewall
NVIDIA Firewall Parameters Reference
Using the Basic Configuration Page
Using the Firewall Wizards Page
Advanced Configuration
Configuring Anti-Hacking Features — For NVIDIA Professional Firewall Users
About Working With Tables
Specifying Actions
About Table Sorting
Table “Default Action” Settings
Configuration Dependencies
Recommendations
Firewall Statistics
Firewall Logging

5. Administrative Tasks
Accessing the Administration Menu
Application Access Control Page
Default Administrative Access Control Settings
Command Line Access
WMI Script
Local Web Access
Remote Web Access
Additional Notes
Password
IP Address and IP Address Mask (optional)
Restore Factory Defaults
Display Settings
Backup/Restore
Backup Configuration
Restore User Configuration
ForceWare Network Access Manager Software Version

6. Using WMI Script
Before You Begin
Benefits of Using WMI Script
Overview
Advanced Topics
NVIDIA Namespace
WMI Provider
Synchronization
Sample Scripts

7. Using The Command Line Interface (CLI)
Conventions Used
About Examples Used
Parameters
Modes of Operation
Using Single Parameters
Set (Expert Mode)
Example
Set (Interactive Mode)
Example
Get
Help
Example
Using Table Parameters
Add Row
Example
Edit Row
Example
Delete Row
Example
Help
Example
Set Table
Examples
Get Table
Example
About Expert Commands
Syntax
Examples
About Other Table Commands
Syntax
Browsing the Parameter Structure
List
Example
Changing Directory
Example 1
Example 2
Current Working Directory
Example
Context-Sensitive Operations
Example
Text File Processing
Export
Syntax
Example
Import
Syntax
Example
Selective Export
Syntax
Example
Context Export
Example
Glossary

A. Ethernet Parameters Reference
Group: Remote Wakeup
Remote Wakeup
Remote Wakeup by Magic Packet
Remote Wakeup (Pattern Match)
Remote Wakeup (Link State Change)
Remote Wake Up from Hibernate or Shutdown
Group: Protocol Offload
Checksum Offload
IPv4 Transmit Checksum Offload
IPv4 Receive Checksum Offload
UDP Transmit Checksum Offload
UDP Receive Checksum Offload
TCP Transmit Checksum Offload
TCP Receive Checksum Offload
TCP Large Send Offload
Group: Microsoft Operating System VLAN (Virtual LAN)
Microsoft Operating System VLAN
Group: VLAN (Virtual LAN)
VLAN Support
VLAN ID
Group: Jumbo Frame
Jumbo Frame Payload Size
Group: Driver Optimization
Ethernet Driver Optimization
Group: Ethernet Performance
Number of Receive Buffers
Number of Receive Buffer Descriptors
Number of Transmit Buffer Descriptors
Maximum Transmit Frames Queued
Number of Receive Packets to Process per Interrupt
Number of Transmit Packet to Process per Interrupt
Interrupt Interval
Group: Traffic Prioritization
IEEE 802.1p Support
Group: Ethernet Speed/Duplex
Configurable Ethernet Speed/Duplex Settings
Group: Ethernet Information
Link Speed
Maximum Link Speed
Duplex Setting
Link Status
Promiscuous Mode
Permanent Ethernet Address
Group: Ethernet Address
Current Ethernet Address
Group: Network Interface information
Computer (Machine) Name
IP Address
IP Address Mask
Group: Factory Default
Factory Default
Table: Multicast Address List
Multicast Address List
Multicast Addresses (Single Parameter)
Group: Ethernet Statistics
Frames Received with Alignment Error
Frames Transmitted After One Collision
Frames Transmitted After Two or More Collisions
Frames Transmitted After Deferral
Display Name Frames Exceed Maximum Collision
Frames with Overrun Errors
Frames with Underrun Errors
Frames with Heartbeat Failure
Carrier Sense (CRS) Signal Lost
Late Collisions
Group: General Networking Statistics
Successfully Transmitted Frames
Successfully Received Frames
Transmit Failures
Receive Failures
No Receive Buffers
Direct Frames Received
Multicast Frames Received
Broadcast Frames Received
Group: Alert Standard Format
ASF Support
ASF Destination IP Address
ASF Send Count
Group: ASF Information
ASF Destination MAC Address
Group: System Fails to Boot Alert
System Fails to Boot Alert
Group: Fan Problem Alert
Fan Problem Alert
Group: ASF SMBus Error
ASF SMBus Error
Group: ASF WOL Alert
ASF Wake On Lan (WOL) Alert
Group: ASF Heartbeat Alert
ASF Heartbeat Alert Interval
Group: ASF Operating System Hung Alert
ASF Operating System Hung Alert
Group: ASF Power Button Alert
ASF Power Button Alert
Group: ASF System Hot Alert
ASF System Hot Alert
Group: ASF CPU Overheated Alert
ASF CPU Overheat Alert
Group: ASF CPU Overheated Alert
ASF CPU Hot Alert
Group: ASF Case Intrusion Alert
ASF Case Intrusion Alert

B. NVIDIA Firewall Parameters Reference
Group: Configure Firewall Security Level
Configure Firewall Security Level
About the FwlProfiles Settings
Group: Configure Professional Firewall Options
Disallow Promiscuous Mode
Disallow DHCP Server
Block Outbound Spoofed IP Packets
Block Spoofed ARP Packets
Block UDPv4 with No UDP Checksum
Group: EtherType Default Rule
EtherType Default Rule
Group: IP Address/Mask Default Rule
IP Address/Mask Default Action
Group: Domain Name Default Rule
Domain Name Default Rule
Group: IP Option Default Rule
Inbound IP Option Default Rule
Outbound IP Option Default Rule
Group: IP Protocol Default Rule
IP Protocol Default Rule
Group: Port Number Default Rule
Inbound Port Number Default Rule
Outbound Port Number Default Rule
Group: TCP Options Default Rule
TCP Options Default Rule