29.01.2019

Radware Defense Flow integration with FastNetMon Advanced

This is a significantly improved version of our Radware integration guide.

Deprecation notice

Please use the next generation of the integration tool.

You can use FastNetMon Advanced as a DDoS sensor for Radware Defense Flow. In this setup, FastNetMon detects an attack and enables mitigation on Radware equipment over the API.

Configure DefenseFlow

As a first step, please create a protected object in DefenseFlow. Make sure to specify the protected networks in the Protected Object.

Enable integration with FastNetMon

This integration has been tested thoroughly on Ubuntu 16.04. Older versions may have issues with the SSL library.

This script requires some additional libraries. Please install them:

Please put this content into the file /etc/fastnetmon_radware_notify_script.pl:

This script assumes that you use hostgroups whose names match the protected object names. If you do not use protected objects, please remove the following two lines from the script completely:

Set the executable bit for it:

Please set the credentials for the Vision API directly inside the script.

You can also enable the option pass_port_and_protocol_information, which exposes much more information to DefenseFlow (source and destination ports, protocol and source hosts). You can enable it this way:

Then, please enable this script for FastNetMon:

To confirm that the integration works, please run an example ban:

And the unban operations:

Then, please use the UUID shown next to the blocked host to unblock it:

This script writes log messages to /tmp/fastnetmon_radware_notify_script.log. Please check it in case of any issues.
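
Because the script holds the Vision API credentials and writes its log under /tmp, it is worth checking the permissions of both files after setup. The shell check below is an added example, not part of the original guide or of FastNetMon; the two paths are the ones named above, while the owner-only policy and the assumption that the script is owned by the account FastNetMon runs under are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original guide. Paths are the ones named on
# the page; the permission policy itself is an assumption of this example.
SCRIPT_PATH="${SCRIPT_PATH:-/etc/fastnetmon_radware_notify_script.pl}"
LOG_PATH="${LOG_PATH:-/tmp/fastnetmon_radware_notify_script.log}"

# First 10 characters of `ls -ld`: file type plus rwx bits for user/group/other.
perm_string() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# The script holds Vision API credentials: require a regular file that only
# its owner can read and execute, with no access for group or others.
check_script_perms() {
    case "$(perm_string "$1")" in
        -r[w-]x------) echo "OK:   $1 is owner-only"; return 0 ;;
        "")            echo "FAIL: $1 does not exist"; return 1 ;;
        *)             echo "FAIL: $1 has mode $(perm_string "$1"), expected owner-only (chmod 700)"; return 1 ;;
    esac
}

# The log lives in world-writable /tmp: reject a symlink (another local user
# could pre-create one) and any file that group or others can write to.
check_log_file() {
    if [ -L "$1" ]; then echo "FAIL: $1 is a symlink"; return 1; fi
    if [ ! -e "$1" ]; then echo "OK:   $1 not created yet"; return 0; fi
    case "$(perm_string "$1")" in
        -????-??-?) echo "OK:   $1 is not writable by group or others"; return 0 ;;
        *)          echo "FAIL: $1 has mode $(perm_string "$1")"; return 1 ;;
    esac
}

# Audit the real paths; status ends up 1 if either check failed.
status=0
check_script_perms "$SCRIPT_PATH" || status=1
check_log_file "$LOG_PATH" || status=1
echo "audit status: $status (0 = both checks passed)"
```

Set SCRIPT_PATH or LOG_PATH in the environment to audit files stored elsewhere.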