FastNetMon Radware Second Generation Integration

This guide is a third generation of Radware integration with FastNetMon Adavanced. It offers best experience and includes all features available in previous version.

To use this integration, you have to use FastNetMon 2.0.176 or newer.

You can use FastNetMon Advanced with Radware Defense Flow as DDoS sensor. In this case, FastNetMon can detect an attack and enable mitigation using Radware DefenseFlow and Apsolute Vision over API.


Integration tool support two major notification modes:

  • Per host attack alerts
  • Per hostgroup attack alerts
  • Full IPv6 support
  • Baseline information

For per-host attack alerts FastNetMon can pass following information:

  • Hostgroup – will be used as protected object on Defense Flow side
  • Attack’s performance
  • Attack’s protocol – UDP,TCP, ICMP or OTHER
  • Attack’s source port
  • Attack’s destination port
  • Up to 50 source hosts (/32)
  • Host affected by attack (/32)

For per-hostgroup attacks we provide less information as FastNetMon does not capture sample of attack:

  • Hostgroup – will be used as protected object on Defense Flow side
  • Attack’s performance
  • List of all networks which belong to hostgroup

Configure DefenseFlow

As first step, please create protected object in DefenseFlow. Make sure to specify the protected networks in the Protected Object.

Install integration

We ship integration in binary format. It works on any x86_64 compatible platform. It does not need any third party dependencies.

Configure integration

For configuration we use JSON format, please create configuration file in /etc/fastnetmon_radware.json with following content:

Since version 2.0.187 you can use fcli to manage plugin’s configuration this way:

Configure FastNetMon for per-host callbacks

Before enabling this integration, please be sure that you configured hostgroups using our official guide.

To enable per-host callbacks please specify integration tool for FastNetMon:

To confirm proper integration, please run example ban:

To unban host, please follow this process:

Then, please use UUID near blocked host and and unblock it:

Configure FastNetMon for per-hostgroup callbacks

In this mode FastNetMon will alert to DefenseFlow when total traffic to specified hostgroup (protected object) exceed specified amount of traffic.

Run test block:

To unblock, list all blocks:

And unblock it using UUID from previous command:

Known issues

In current version of integration DefenseFlow cannot withdraw announce when source networks list in unblock callback does not match to source networks in block callback. We suggest disabling this options for now: