All configuration of .vantronix systems is based on the modular
.vantronix command line interface (amCLI) - even the GUI is running
CLI commands in the background. The CLI combines a style and feature
set that is typical for networking appliances with innovations that
are specific to .vantronix products. It includes a hierarchical
command tree, a unified configuration and an integrated configuration
versioning system. The CLI is powerful and supports scripting and
automation in highly customized environments.
In addition to the specialized CLI, .vantronix allows access to a
fully POSIX-compliant BSD/UNIX shell that is provided by the
underlying OpenBSD operating system. Network enthusiasts and system
administrators in UNIX environments can use the shell to work in a
familiar way. The shell also provides additional scripting
capabilities with custom shell or Perl scripts.
A typical use case of the scripting and automation features is in
environments with an automated deployment of packet filter rules, IP
block lists or redirection entries. A centralized deployment server
will use the industry-standard OpenSSH client with public-key based
authentication to run commands on the .vantronix systems without any
user interaction.
The Packet Filter supports various methods to simplify the typical
task of automated deployments and to minimize the complexity of the
ruleset. Large lists of IP addresses can be loaded into tables with up
to millions of entries and referenced by single rules. Tables can be
updated and modified at runtime without interruption and without
reloading the ruleset itself. Subsets of the ruleset can be loaded
into anchors and re-loaded into the main ruleset at runtime. Macros
can pre-define common statements in the packet filter rules… The
Packet Filter is highly flexible and scales to the largest
networks.
For example, the centralized server can upload IP lists to
/etc/blacklist.txt on the appliance, use the "ip pf table" commands or
use anchors to load sub-rulesets at runtime without any firewall
interruption.
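An added example, not code from .vantronix or the original page: a check the centralized deployment server could run on an IP list before uploading it to /etc/blacklist.txt, so that a malformed or overly broad entry never reaches the table. The prefix limits, the protected management network, the host name, the table name `blacklist` and the use of OpenBSD's `pfctl` from the shell (instead of the "ip pf table" CLI commands) are assumptions.

```python
import ipaddress
import shlex
# Assumed policy values, not taken from the page.
MIN_PREFIX = {4: 8, 6: 16}                          # refuse broader prefixes
PROTECTED = [ipaddress.ip_network("192.0.2.0/24")]  # constructed management net

def clean_blocklist(text, protected=PROTECTED):
    """Return (sorted unique networks, list of error strings)."""
    entries, errors = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        item = raw.split("#", 1)[0].strip()         # drop comments and blanks
        if not item:
            continue
        try:
            net = ipaddress.ip_network(item)        # strict: host bits are an error
        except ValueError:
            errors.append(f"line {lineno}: invalid entry {item!r}")
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            errors.append(f"line {lineno}: {net} is too broad")
        elif any(net.version == p.version and net.overlaps(p) for p in protected):
            errors.append(f"line {lineno}: {net} overlaps a protected network")
        else:
            entries.add(net)
    return sorted(entries, key=lambda n: (n.version, n)), errors

def deploy_commands(host, local, table="blacklist", path="/etc/blacklist.txt"):
    """Build (not run) the upload and the runtime table replacement."""
    tmp = path + ".new"
    remote = (f"mv {shlex.quote(tmp)} {shlex.quote(path)} && "
              f"pfctl -t {shlex.quote(table)} -T replace -f {shlex.quote(path)}")
    return [["scp", "-q", local, f"{host}:{tmp}"],
            ["ssh", "-o", "BatchMode=yes", host, remote]]

SAMPLE = """\
# constructed sample list
203.0.113.7
198.51.100.0/24
203.0.113.7        # duplicate
0.0.0.0/0
192.0.2.10
10.0.0.300
2001:db8:bad::/48
"""
if __name__ == "__main__":
    nets, errs = clean_blocklist(SAMPLE)
    if errs:                                        # fail closed: push nothing
        raise SystemExit("refusing to deploy:\n  " + "\n  ".join(errs))
    for cmd in deploy_commands("fw1.example.net", "blacklist.txt"):
        print(shlex.join(cmd))
```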
The .vantronix Firewall Manager works on touch screen interfaces and
embedded systems like the Apple iPad or iPhone using the embedded
version of the Safari browser. It also runs on other browsers such as
Mozilla Firefox 3.6 or later, Safari 5, or Microsoft Internet
Explorer 7, 8 or later. An optional Add-On for Firefox allows
using the latest Firewall Manager version without updating anything on
the appliance itself.
The modular .vantronix command line interface (amCLI) is the backend
of the Firewall Manager - all GUI content is based on CLI commands
that are exchanged with the appliance and rendered on the client. This
approach has two benefits: the GUI does not waste any precious
resources on the appliance, which can focus on its networking duties,
and the GUI does not conflict with the CLI.
"vantronix-mgmt" is the SSL-based application server running at
TCP port 8034 (official IANA port number).
The Firewall Manager GUI also includes powerful monitoring and logging
capabilities; the log view can display, search, sort and filter
system and inspection events in real time. It is also
possible to define a large number of custom logging filters that can
be saved on the client and reloaded at any time.
All log events are saved in an internal high-performance logging
database on the appliance that provides all the sorting and filtering
capabilities; additional logging to BSD SysLog files and servers is
also supported.
[Screenshot: The inspection and system events can be filtered and sorted in real time.]
The Firewall Manager supports various configuration and status pages
for the different subsystems of the .vantronix appliance. The main
concepts of the GUI are that it does not 'bloat' the screen with many
different icons - you can click or touch an item to get a
context-specific dialog or drag and drop rules around to move them in
the configuration.
[Screenshot: The Packet Filter rule configuration.]
[Screenshot: Rules can be touched or clicked for additional actions.]
[Screenshot: The System Configuration Tree]
[Screenshot: The System Services]
[Screenshot: Network Interface Configuration]
[Screenshot: IPsec VPN, IKEv1 and IKEv2]
[Screenshot: The X.509 CA and Public Key Infrastructure (PKI)]
[Screenshot: The Relay and Load Balancer]
[Screenshot: The BGP Router]
[Screenshot: Packet Filter States (Stateful Packet Inspection)]
[Screenshot: The Web-based CLI]