Chapter 1: cOS Core Overview

Note: This document is also available in other formats

A PDF version of this document along with all current and older documentation in PDF format can be found at https://my.clavister.com.

It is also available as a single HTML page.

1.1. Features

Clavister cOS Core is the base software system that runs on Clavister NetWall hardware products. Alternatively, cOS Core can run in a virtualized environment on a customer's choice of hardware, with a range of platforms supported. In both cases, cOS Core provides the full capabilities of a Next Generation Firewall (NGFW).

cOS Core is a Network Security Operating System

Designed as a network security operating system, cOS Core features high throughput performance with high reliability plus highly granular control. cOS Core offers seamless integration of all its subsystems, in-depth administrative control of all functionality, as well as a minimal attack surface which helps to negate the risk from security attacks.

cOS Core Objects

From the administrator's perspective, the conceptual approach of cOS Core is to visualize operations through a set of logical building blocks or objects. These objects allow the configuration of cOS Core in an almost limitless number of different ways in order to meet the requirements of the most demanding network security scenarios.

Key Features

cOS Core has an extensive feature set. The list below presents the key features of the product:

IP Routing

cOS Core provides a variety of options for IP routing including static routing, dynamic routing (with OSPF), virtual routing as well as multicast routing capabilities. In addition, cOS Core supports features such as Virtual LANs, Route Monitoring, Proxy ARP and Transparency.

For more information about this, see Chapter 4, Routing.

Firewalling Policies

cOS Core provides stateful inspection-based firewalling for a wide range of protocols such as TCP, UDP and ICMP. The administrator can define detailed firewalling policies based on source/destination network/interface, protocol, ports, user credentials, time-of-day and more.

Section 3.6, IP Rule Sets describes how to set up these policies to determine what traffic is allowed or rejected by cOS Core.

Address Translation

For functionality as well as security reasons, cOS Core supports policy-based address translation. Dynamic Address Translation (NAT) as well as Static Address Translation (SAT) are supported, and resolve most types of address translation needs.

This feature is covered in Chapter 9, Address Translation.

AI - Anomaly Detection

In cOS Core, the Artificial Intelligence Anomaly Detection feature employs a combination of state-of-the-art concepts in machine learning and time-series analysis to detect communication misbehaviour in near real-time.

This feature is described further in Chapter 8, Artificial Intelligence.

ALGs

cOS Core provides a range of Application Level Gateways (ALGs) which provide security features that examine traffic at higher OSI layers, such as checking that file download content agrees with the given filetype. Another example is the SIP ALG, which examines the SIP message exchanges that take place during the setup of peer-to-peer data exchanges.

For detailed information, see Section 6.1, ALGs.

VPN

cOS Core supports a range of Virtual Private Network (VPN) solutions. Support exists for IPsec, L2TP, L2TPv3, PPTP, as well as SSL VPN, with security policies definable for individual VPN connections.

This topic is covered in Chapter 11, VPN.

TLS Termination

cOS Core supports TLS termination so that the Clavister firewall can act as the endpoint for connections by HTTP web-browser clients (this feature is sometimes called SSL termination).

For detailed information, see Section 6.1.11, TLS ALG.

Application Control

cOS Core is able to identify data connections relating to particular applications and perform defined actions for those data streams, such as blocking or traffic shaping. An example of an application is BitTorrent peer-to-peer streaming, but an application could also relate to accessing certain websites such as Facebook.

For detailed information, see Section 3.7, Application Control.

Anti-Virus Scanning

cOS Core features integrated anti-virus functionality. Traffic passing through the firewall can be subjected to in-depth scanning for viruses, and virus-sending hosts can be blacklisted and blocked.

For details of this feature, see Section 6.4, Anti-Virus Scanning.

Intrusion Detection and Prevention

To mitigate application-layer attacks towards vulnerabilities in services and applications, cOS Core provides a powerful Intrusion Detection and Prevention (IDP) engine. The IDP engine is policy-based and provides high-performance scanning and detection of attacks, with blocking and optional blacklisting of attacking hosts.

More information about IDP can be found in Section 7.8, Intrusion Detection and Prevention.

Web Content Filtering

cOS Core provides various mechanisms for filtering web content that is deemed inappropriate according to a web usage policy. With Web Content Filtering (WCF), web content can be blocked based on the URL. In addition, websites can be whitelisted or blacklisted.

More information about this topic can be found in Section 6.2, Web Content Filtering.

Traffic Management

cOS Core provides broad traffic management capabilities through Traffic Shaping, Threshold Rules and Server Load Balancing.

Traffic Shaping enables limiting and balancing of bandwidth; Threshold Rules allow specification of thresholds for sending alarms and/or limiting network traffic; Server Load Balancing enables a device running cOS Core to distribute network load to multiple hosts.

These features are discussed in detail in Chapter 12, Traffic Management.

User Authentication

The Clavister NetWall Firewall can be used for authenticating users before allowing access to protected resources. Multiple local user databases are supported as well as multiple external RADIUS servers, and separate authentication policies can be defined to support separate authentication schemes for different kinds of traffic.

In addition, cOS Core supports User Identity Awareness. This means Windows-based clients need only be authenticated once by a Windows Active Directory™ server and the authenticated state is then relayed to cOS Core.

See Chapter 10, User Authentication for detailed information.

Operations and Maintenance

Administrator management of cOS Core is possible through either a Web-based User Interface (the Web Interface or WebUI) or via a Command Line Interface (the CLI). Both interfaces allow management of a single Clavister firewall at a time. cOS Core also provides detailed event and logging capabilities plus support for monitoring through SNMP.

More detailed information about this topic can be found in Chapter 2, Management and Maintenance.

High Availability

High Availability (HA) is supported through automatic fault-tolerant failover to a secondary Clavister firewall. The two devices act together as a cluster, with one being active while the other is passive but constantly mirroring the state of the active unit.

This feature is described in more detail in Chapter 13, High Availability.

Virtual Routers

Using two or more separate cOS Core routing tables, it is possible to create separate virtual routers in a single Clavister firewall. Although a single version of cOS Core is being run, it is possible to create separate sets of IP rules and other policies so that different sets of traffic can be completely separated from each other within a single firewall.

See Section 4.6, Virtual Routing for more information about this topic.

IPv6 Support

IPv6 addresses are supported on interfaces, within rule sets, within VPN and in many other aspects of cOS Core.

More information about this topic can be found in Section 3.2, IPv6 Support.

ZoneDefense

cOS Core can be used to control external switches using the ZoneDefense feature. This allows cOS Core to isolate portions of a network that contain hosts that are the source of undesirable network traffic. This is discussed further in Section 7.11, ZoneDefense.

REST API

Certain functions of cOS Core can be controlled by a program running on an external computer that makes use of the cOS Core REST API. This API is discussed briefly in some of the relevant sections of this guide but is described in detail in the separate cOS Core REST API Guide.

Virtualization

In a virtual environment such as VMware, KVM or Hyper-V, it is possible to have multiple, independent Clavister firewalls running on a single computer. The supported underlying hardware architectures are x86 and also ARM for KVM.

Installing and running cOS Core in virtual environments is described in the Clavister Virtual Series Getting Started Guide publications. There is a separate Getting Started Guide for each of VMware, KVM and Hyper-V. The KVM guide covers both x86 and ARM platforms.

For automatic initialization during cloud deployment, cOS Core supports Cloud-Init. This is described further in the Cloud-Init Setup chapter of the Getting Started Guide for the relevant virtual environment.

In addition to the list above, cOS Core includes a number of other features such as RADIUS Accounting, DHCP services, protection against Denial-of-Service (DoS) attacks, support for PPPoE, GRE, dynamic DNS services and much more.

Other cOS Core Documentation

Making use of the available documentation is recommended to get the most out of the cOS Core product. In addition to this administration guide, the reader should also be aware of the following companion documentation:

  • A Getting Started Guide for each Clavister hardware model and each virtual environment. This describes how to initially set up cOS Core for each type of environment.

  • An RSG-400 Getting Started Guide. This describes how to initially set up cOS Core on the RSG-400 appliance.

  • The CLI Reference Guide which details all cOS Core CLI commands and cOS Core configuration objects.

  • The cOS Core Log Reference Guide which lists and describes all log event messages that cOS Core may generate.

  • The cOS Core Application Control Signatures reference which lists all the application control signatures available in cOS Core.

  • The Data Collection Guide which describes how to submit a support ticket to Clavister.

Together, these documents form the essential reference material for cOS Core operation.

Additional, related documentation consists of:

  • The Hardware Replacement Guide for swapping out Clavister hardware with the same or a different unit. This guide also covers the Clavister Cold Standby (CSB) service.

  • The InControl Administration Guide which covers all aspects of using the separate InControl product for the centralized management of multiple NetWall firewalls.

Tip: Documentation is available in HTML format

The latest version of this guide and related NetWall documentation is available in HTML format at https://docs.clavister.com. The documentation for all older cOS Core versions can be downloaded in PDF format from https://my.clavister.com.

Note that the HTML documentation for the latest cOS Core version can also be opened by pressing the question mark icon at the top-right of the Web Interface.

Security Advisories

A current listing of all general security advisories that could potentially affect cOS Core can be found online at the following link:

https://www.clavister.com/advisories/security

The Clavister Knowledge Base

Clavister maintains a searchable Knowledge Base on its website which contains a range of articles covering all Clavister products, including articles about NetWall firewalls and cOS Core. These articles are designed to expand on the base reference documentation which is provided in PDF format. Links to specific cOS Core topics in the knowledge base can be found throughout this publication.

The knowledge base main page can be found at the following link:

https://kb.clavister.com

The Clavister YouTube "How-To" Videos

Clavister has a YouTube™ channel which has a specific "How-To" playlist. This provides visual examples of using the cOS Core Web Interface to perform various administrative tasks in cOS Core. The playlist can be found at the following link:

https://www.youtube.com/channel/UC2i10VOdZ3FkydIrIUmHDPw/playlists

cOS Core Education and Certification

Clavister offers a full range of product courses and product certifications. For details about classroom and online cOS Core education as well as cOS Core certification, visit the Clavister company website at http://www.clavister.com or contact a local sales representative.