10.07.2018

FastNetMon Advanced and Radware Defense Flow integration

Please do not use this guide! We’ve deprecated it.

You can use FastNetMon Advanced with Radware Defense Flow as a DDoS sensor. In this case, FastNetMon can detect an attack and enable mitigation on Radware equipment over the API.

Configure Defense Flow

As a first step, create a protected object in DefenseFlow. Make sure to specify the protected networks in the Protected Object.

Install Radware integration code

First, install the unrar archiver:

sudo apt-get install -y unrar

Download the official integration scripts from Radware’s site:

wget https://support.radware.com/ci/okcsFattach/get/1011363_2 -Oradware.rar

Unpack the archive in the current folder:

unrar x radware.rar

Move the scripts to the configuration folder:

sudo mv FastNetMon/ /etc/fastnetmon_radware

Set the executable flag on the notify, start and stop scripts:

sudo chmod +x /etc/fastnetmon_radware/notifyScriptRadware.sh
sudo chmod +x /etc/fastnetmon_radware/startAttackInDefenseFlow.sh
sudo chmod +x /etc/fastnetmon_radware/stopAttackInDefenseFlow.sh

Install the dependencies for the scripts:

sudo apt-get install -y jq

Fix the paths in the scripts, replacing /var/tmp/fnm/ with the new configuration folder:

sudo sed -i 's#/var/tmp/fnm/#/etc/fastnetmon_radware/#g' /etc/fastnetmon_radware/notifyScriptRadware.sh
sudo sed -i 's#/var/tmp/fnm/#/etc/fastnetmon_radware/#g' /etc/fastnetmon_radware/startAttackInDefenseFlow.sh
sudo sed -i 's#/var/tmp/fnm/#/etc/fastnetmon_radware/#g' /etc/fastnetmon_radware/stopAttackInDefenseFlow.sh

Specify the correct access credentials for the VISION API in the file /etc/fastnetmon_radware/Radware.sh. Edit the Vision IP, User and Password values in the file.

Example:

VISION_IP=10.210.103.61
VISION_USER=radware
VISION_PASSWORD=radware
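
The steps above leave the Vision API password in clear text in Radware.sh and rely on the chmod and sed commands having applied to all three scripts. The audit function below is an added example, not part of Radware's scripts or of the original guide; the function name audit_radware_install, the check for access by other users, and treating the example password as a finding are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the integration directory after the install steps.
# Prints one line per finding and returns the number of findings (0 = clean).
audit_radware_install() {
    dir=${1:-/etc/fastnetmon_radware}
    findings=0
    note() { echo "FINDING: $1"; findings=$((findings + 1)); }

    for s in notifyScriptRadware.sh startAttackInDefenseFlow.sh stopAttackInDefenseFlow.sh; do
        f="$dir/$s"
        if [ ! -f "$f" ]; then note "$s is missing"; continue; fi
        [ -x "$f" ] || note "$s is not executable"
        # The sed step should have rewritten every reference to the old path.
        if grep -q '/var/tmp/fnm/' "$f"; then
            note "$s still references /var/tmp/fnm/"
        fi
    done

    conf="$dir/Radware.sh"
    if [ ! -f "$conf" ]; then
        note "Radware.sh is missing"
    else
        # Characters 8-10 of the ls mode string are the "other" permission bits.
        [ "$(ls -ld "$conf" | cut -c8-10)" = "---" ] ||
            note "Radware.sh is accessible to other users (it holds the Vision password)"
        pw=$(sed -n 's/^VISION_PASSWORD=//p' "$conf" | tail -n 1)
        [ -n "$pw" ] || note "VISION_PASSWORD is not set"
        [ "$pw" != "radware" ] || note "VISION_PASSWORD still has the guide's example value"
    fi

    # The Radware scripts depend on jq.
    command -v jq >/dev/null 2>&1 || note "jq is not installed"
    return "$findings"
}
```

Call it as `audit_radware_install; echo $?`. The permission finding clears once Radware.sh is restricted to its owner, for example mode 600, assuming the account that runs the notify script owns the file.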

Make a test call to the script for the ban action:

/etc/fastnetmon_radware/notifyScriptRadware.sh 11.22.33.33 incoming 10000 ban

And for unban action:

/etc/fastnetmon_radware/notifyScriptRadware.sh 11.22.33.33 incoming 10000 unban

These calls should enable and then disable the protected object on DefenseFlow’s side.

Specify the Radware callback script in the FastNetMon Advanced configuration:

sudo fcli set main notify_script_path /etc/fastnetmon_radware/notifyScriptRadware.sh
sudo fcli set main notify_script_enabled enable
sudo fcli set main notify_script_format text
sudo fcli commit

Make a test ban call using FastNetMon:

sudo fcli set blackhole 11.22.33.44

And for unban, look up the UUID of the blackhole entry and delete it:

sudo fcli show blackhole
sudo fcli delete blackhole <UUID from the previous command>

For more details, please check the official support article on Radware’s site.