Please do not use this guide! We’ve deprecated it.
You can use FastNetMon Advanced with Radware Defense Flow as DDoS sensor. In this case, FastNetMon can detect an attack and enable mitigation using Radware equipment over API.
Configure Defense Flow
As first step, please create protected object in DefenseFlow. Make sure to specify the protected networks in the Protected Object.
Install Radware integration code
As first step, please install rar archiver:
sudo apt-get install -y unrar
Download official integration scripts from Radware’s site:
wget https://support.radware.com/ci/okcsFattach/get/1011363_2 -Oradware.rar
Unpack it in current folder:
unrar x radware.rar
Move scripts to configuration folder:
mv FastNetMon/ /etc/fastnetmon_radware
Set executable flag for notify script:
sudo chmod +x /etc/fastnetmon_radware/notifyScriptRadware.sh sudo chmod +x /etc/fastnetmon_radware/startAttackInDefenseFlow.sh sudo chmod +x /etc/fastnetmon_radware/stopAttackInDefenseFlow.sh
Install dependencies for scripts:
apt-get install -y jq
Fix paths:
sudo sed -i 's#/var/tmp/fnm/#/etc/fastnetmon_radware/#g' /etc/fastnetmon_radware/notifyScriptRadware.sh sudo sed -i 's#/var/tmp/fnm/#/etc/fastnetmon_radware/#g' /etc/fastnetmon_radware/startAttackInDefenseFlow.sh sudo sed -i 's#/var/tmp/fnm/#/etc/fastnetmon_radware/#g' /etc/fastnetmon_radware/stopAttackInDefenseFlow.sh
Specify correct access credentials for VISION API in file /etc/fastnetmon_radware/Radware.sh. Edit the Vision IP, User, Password in the file.
Example:
VISION_IP=10.210.103.61 VISION_USER=radware VISION_PASSWORD=radware
Make test call for script for ban action:
/etc/fastnetmon_radware/notifyScriptRadware.sh 11.22.33.33 incoming 10000 ban
And for unban action:
/etc/fastnetmon_radware/notifyScriptRadware.sh 11.22.33.33 incoming 10000 unban
It should work as expected and enable/disable protected object on DefenseFlow’s side.
Specify Radware callback scripts in FastNetMon Advanced configuration:
sudo fcli set main notify_script_path /etc/fastnetmon_radware/notifyScriptRadware.sh sudo fcli set main notify_script_enabled enable sudo fcli set main notify_script_format text sudo fcli commit
Make test call for ban / unban using FastNetMon
sudo fcli set blackhole 11.22.33.44
And for unban:
sudo fcli set blackhole 11.22.33.44
To get more details, please check official support article from Radware’s site.