Home  Prev  Clavister NetEye On-Premises Getting Started Guide  Next

3.2. cOS Core Setup Using the CLI

The following CLI commands could be used instead of the WebUI for configuring cOS Core communication with NetEye.

A. Route traffic between clients and NetEye

1. Create a new routing table: 

Device:/> add RoutingTable my_neteye_rt

2. Add an all-nets Route: 

Device:/> cc RoutingTable my_neteye_rt
Device:/rt> add Route Network=all-nets
			Interface=If4
			Gateway=neteye_input_gw_ip

3. Configure a routing rule for HTTP/HTTPS traffic:

Device:/> add RoutingRule
			ForwardRoutingTable=my_neteye_rt
			ReturnRoutingTable=main
			SourceInterface=If1
			SourceNetwork=If1_net
			DestinationInterface=any
			DestinationNetwork=all-nets
			Service=http-all

4. Configure an IP policy to allow traffic from clients to NetEye:

Device:/> add IPPolicy Name=my_neteye_policy
			SourceInterface=If1
			SourceNetwork=If1_net
			DestinationInterface=If4
			DestinationNetwork=all-nets
			Service=http-all
			Action=Allow

B. Route traffic between NetEye and the Internet

1. Create a New Routing Table: 

Device:/> add RoutingTable my_neteye_rt2

2. Add a route to NetEye for returning client traffic:

Device:/> cc RoutingTable my_neteye_rt2
Device:/rt> add Route Network=If1_net
			Interface=If3
			Gateway=neteye_out_gw_ip

3. Configure a routing rule for HTTP/HTTPS traffic:

Device:/> add RoutingRule
			ForwardRoutingTable=main
			ReturnRoutingTable=my_neteye_rt2
			SourceInterface=If3
			SourceNetwork=all-nets
			DestinationInterface=any
			DestinationNetwork=all-nets
			Service=http-all

4. Configure an IP policy to allow traffic from NetEye to the Internet:

Device:/> add IPPolicy Name=my_neteye_policy2
			SourceInterface=If3
			SourceNetwork=all-nets
			DestinationInterface=If2
			DestinationNetwork=all-nets
			Service=all_services
			Action=Allow
			SourceAddressTranslation=NAT
			NATSourceAddressAction=OutgoingInterfaceIP

5. Create a service group that combines the predefined services https and ssh: 

Device:/> add Service ServiceGroup https-ssh Members=https,ssh

6. Configure a SAT IP policy to allow management traffic to reach NetEye:

Device:/> add IPPolicy Name=my_neteye_mgmt_policy
			SourceInterface=If2
			SourceNetwork=88.131.48.0/25
			DestinationInterface=core
			DestinationNetwork=If2_ip
			Service=https-ssh
			Action=Allow
			SourceAddressTranslation=None
			DestinationAddressTranslation=SAT
			DestinationAddressAction=SingleIP
			DestNeIP=neteye_mgmt_ip

The changed cOS Core configuration can now be activated and committed.

Home  Prev   Next