Xena Networks SafireManager User manual
USER MANUAL
XENA NETWORKS –LOTTENBORGVEJ 26 –2800 LYNGBY –DENMARK
WWW.XENANETWORKS.COM
SafireManager
User Manual
This is the User Manual for SafireManager.
SafireManager is the web-based user interface to manage and configure
Safire tester, Xena’s enterprise firewall performance tester.
Safire Version: 2.4.0
USER MANUAL
2
XENA NETWORKS –LOTTENBORGVEJ 26 –2800 LYNGBY –DENMARK
WWW.XENANETWORKS.COM
CONTENTS
Contents ............................................................................................................................................................. 2
Quick Start Guide ............................................................................................................................................... 5
1. Connect to Safire ........................................................................................................................................ 5
2. Change Chassis IP Address ......................................................................................................................... 6
3. Recover Chassis IP Address ........................................................................................................................ 7
4. Recover Admin Password........................................................................................................................... 8
Safire User Manual............................................................................................................................................. 9
Connect Safire Tester to Firewall ................................................................................................................... 9
Navigate with Dashboard............................................................................................................................. 10
New Test Case .............................................................................................................................................. 11
Select Network Topology ......................................................................................................................... 12
Select a Firewall Under Test..................................................................................................................... 13
Configure Testbed .................................................................................................................................... 14
Review and Save Test Case ...................................................................................................................... 15
New Firewall Under Test .............................................................................................................................. 16
Select Firewall Model ............................................................................................................................... 17
Select Firewall Firmware Version............................................................................................................. 18
Select Enabled Firewall Features ............................................................................................................. 19
Select Firewall Access Method................................................................................................................. 20
Save Firewall Under Test.......................................................................................................................... 21
Traffic Profile ................................................................................................................................................ 22
Create New Traffic Profile Manually ........................................................................................................ 23
Create New Traffic Profile from Firewall Log Files................................................................................... 24
Create New Traffic Profile from Existing One .......................................................................................... 27
Export Traffic Profiles ............................................................................................................................... 28
Import Traffic Profiles .............................................................................................................................. 29
Download Traffic Profile TLS Certificates and Keys.................................................................................. 30
Run Performance Test.................................................................................................................................. 31
Select Traffic Profile ................................................................................................................................. 32
Download SSL Certificates and Keys ........................................................................................................ 33
Build Test Iterations ................................................................................................................................. 34
USER MANUAL
3
XENA NETWORKS –LOTTENBORGVEJ 26 –2800 LYNGBY –DENMARK
WWW.XENANETWORKS.COM
Configure Test Iteration Duration ............................................................................................................ 35
Change Waiting Time Between Iterations ............................................................................................... 36
Connectivity Test...................................................................................................................................... 37
Performance Test ..................................................................................................................................... 37
Analysis......................................................................................................................................................... 38
Download Reports.................................................................................................................................... 39
Open Reports in Browser ......................................................................................................................... 41
Test Result Analysis .................................................................................................................................. 42
Chassis Settings ............................................................................................................................................ 47
Change Management IP Address ............................................................................................................. 48
Change Management SSL Certificate ....................................................................................................... 49
Software Update ...................................................................................................................................... 50
Identity and Access Management............................................................................................................ 51
License Management ............................................................................................................................... 52
Generate Support Archive........................................................................................................................ 53
Chassis Reset and Restoration ................................................................................................................. 54
Chassis Power Off and Reboot ................................................................................................................. 55
Log Off ...................................................................................................................................................... 56
USER MANUAL
4
XENA NETWORKS –LOTTENBORGVEJ 26 –2800 LYNGBY –DENMARK
WWW.XENANETWORKS.COM
SafireCompact Chassis
USER MANUAL
5
XENA NETWORKS –LOTTENBORGVEJ 26 –2800 LYNGBY –DENMARK
WWW.XENANETWORKS.COM
QUICK START GUIDE
1. Connect to Safire
Managing Safire is done via two RJ-45 ports on the front of the tester. The Mgmt port has a configurable
static IP address for connecting to the tester from a laptop or stationary PC at a local or remote location.
Safire comes pre-configured with the following IP address on the Mgmt port:
•Address = 192.168.1.190
•Subnet = 255.255.255.0
•Gateway = 192.168.1.1
You need a direct connection from you PC to configure Safire for the proper IP address, subnet, and
gateway. Make sure your PC port is configured statically to an IP address in the 192.168.1.XXX range.
Insert the required transceivers into their test-port cages. Remember to always use the small plugs to
prevent dust entering optical transceivers when no cable is attached.
Connecting the power cable should cause Safire to power up automatically. If it doesn’t, press the power
button on the front panel. The chassis takes 2-3 minutes to start up.
When the chassis is running, the front panel LEDs on the
test module start flashing. They stop flashing when the
first connection is made.
Connect the Mgmt port on the chassis front panel to the
port on your PC.
Open https://192.168.1.190 in your web browser.
Login using these credentials:
•Username: admin
•Password: admin
USER MANUAL
6
XENA NETWORKS –LOTTENBORGVEJ 26 –2800 LYNGBY –DENMARK
WWW.XENANETWORKS.COM
2. Change Chassis IP Address
Once you are logged in, you can change the tester’s name, description, and management interface IP
address in Settings > System. You can also create users with different levels of authorizations in Settings >
IAM.
IMPORTANT - If you lose IP network connectivity while modifying these settings, please perform the
recovery actions outlined below. If this does not work, please contact support@xenanetworks.com for
assistance.
•Go to Settings > System > Management Interface > Properties
and enter the new IP address, subnet mask, and gateway
•Click SAVE
•Wait for Safire to automatically redirect your web browser to the
new URL.
•If failed, restart the chassis by clicking the Reboot button, or by
manually powering the chassis off and on.
•When the chassis comes back online it will have the new IP
address
•Open https://<new IP address> in your web browser
Change chassis IP address
Chassis reboot & shutdown
buttons
USER MANUAL
7
XENA NETWORKS –LOTTENBORGVEJ 26 –2800 LYNGBY –DENMARK
WWW.XENANETWORKS.COM
3. Recover Chassis IP Address
If you forget Safire’s IP address, you need another way to get in touch with it. This is done by making a
direct connection from your PC to the Ext port, which is next the Mgmt port.
The Ext port is pre-configured with the following IP setup:
•Address: 172.16.255.210
•Subnet: 255.255.255.0
•Gateway: none
You must configure your PC port statically to an IP address in the 172.16.255.XXX range, and then you will
be able to ping the chassis again.
Now, open https:// 172.16.255.210 in your web browser.
Under Settings > System > Management Interface > Properties, you can see which IP address is configured
for the Mgmt port, and you can change it if necessary. Changes to the IP address of the Mgmt port take
effect after rebooting the chassis.
Note that the IP configuration of the Ext port cannot be changed, and that you should not configure the
Mgmt port to use this subnet.
USER MANUAL
8
XENA NETWORKS –LOTTENBORGVEJ 26 –2800 LYNGBY –DENMARK
WWW.XENANETWORKS.COM
4. Recover Admin Password
Safire lets you create multiple admin account on the chassis. Each admin account has the same
authorization level. Thus, you can always create a backup admin account if you forget the login password of
the usual admin account. But if you have lost passwords for the admin accounts, please contact
support@xenanetworks.com.
USER MANUAL
9
XENA NETWORKS –LOTTENBORGVEJ 26 –2800 LYNGBY –DENMARK
WWW.XENANETWORKS.COM
SAFIRE USER MANUAL
Connect Safire Tester to Firewall
Safire has two color-coded test ports. These colors are below the physical test port: one is blue, and the
other is gray.
A firewall usually has many ports. Choose two ports on your firewall and use cables to connect them to
Safire’s test ports. For convenience, let’s call the firewall port that is connected to the blue test port the
“blue port”, and the other the “gray port”.
Optionally, make sure Safire’s management port is connected to firewall’s management interface through
your LAN network. This is because Safire uses the management port to clear firewall’s session table as well
as query firewall’s CPU usage.
Connect Safire to firewall under test
Safire
Firewall
MGT
MGT
Internal LAN
USER MANUAL
10
XENA NETWORKS –LOTTENBORGVEJ 26 –2800 LYNGBY –DENMARK
WWW.XENANETWORKS.COM
Navigate with Dashboard
Dashboard has three sections, Testing, Test Progress, and Analysis.
In Testing, you can create test cases, traffic profiles, and firewalls under test. The number in Testing shows
the number of test cases you have on the chassis.
In Analysis, you can download report and analyze test results for various use cases. The number in Analysis
shows the number of test reports you have on the chassis.
Test Progress quickly direct you to the ongoing test. The percentage number in Test Progress shows the
progress of the ongoing test.
For quick navigation between different pages, use the navigation side bar on the right.
Dashboard and navigation bar
USER MANUAL
11
XENA NETWORKS –LOTTENBORGVEJ 26 –2800 LYNGBY –DENMARK
WWW.XENANETWORKS.COM
New Test Case
In this example, you will learn how to use Safire to create a test case for test the performance of your
firewall. Go to Dashboard and click Testing > Test Cases, then click CREATE NEW. You will be directed to
New Test Case page.
Click Testing > Test Cases to start creating a new test case
USER MANUAL
12
XENA NETWORKS –LOTTENBORGVEJ 26 –2800 LYNGBY –DENMARK
WWW.XENANETWORKS.COM
Select Network Topology
On the New Test Case page, select the network topology that best matches the network your firewall is
deployed. There are four options:
•Enterprise Internal Segmentation
•Enterprise Security Perimeter
•Data Center Internal Segmentation
•Data Center Security Perimeter
New Test Case: Choose a network topology
USER MANUAL
13
XENA NETWORKS –LOTTENBORGVEJ 26 –2800 LYNGBY –DENMARK
WWW.XENANETWORKS.COM
Select a Firewall Under Test
From the drop-down list, select a firewall under test for this test case. If you cannot find it in the list, click
the button to create a firewall under test. To learn how to create a new firewall under test, go to section
New Firewall Under Test.
New Test Case: Choose a firewall under test
USER MANUAL
14
XENA NETWORKS –LOTTENBORGVEJ 26 –2800 LYNGBY –DENMARK
WWW.XENANETWORKS.COM
Configure Testbed
Enter firewall’s two interface addresses. The format of the firewall’s interfaces address must be in CIDR, for
example 10.0.0.1/8 and 11.0.0.1/8. The interface on the left connects to Safire’s client port, and the other
to Safire’s serve port. If the interfaces are VLAN enabled, enter the VLAN ID accordingly.
Choose a port speed for Safire’s two test ports to operate at. Please note, based on Safire’s port type (SFP+
or RJ45), you will see port speed options. The figure below shows the speed options of optic port type
10G/1G SFP+.
New Test Case: Configure testbed
USER MANUAL
15
XENA NETWORKS –LOTTENBORGVEJ 26 –2800 LYNGBY –DENMARK
WWW.XENANETWORKS.COM
Review and Save Test Case
Use the preview panel on the right to keep track on your configuration. When everything is set correctly,
click CREATE button and enter a test case name and description (optional) in the pop-up dialog window.
Click SAVE to save the test case configuration.
New Test Case: Review and save test case
USER MANUAL
16
XENA NETWORKS –LOTTENBORGVEJ 26 –2800 LYNGBY –DENMARK
WWW.XENANETWORKS.COM
New Firewall Under Test
In this example, you will learn how to use Safire to create a firewall under test object. Go to Dashboard and
open Testing > Firewalls Under Test, then click CREATE NEW. You will be directed to New Firewall Under
Test page.
Click Testing > Firewalls Under Test to start creating a new test case
USER MANUAL
17
XENA NETWORKS –LOTTENBORGVEJ 26 –2800 LYNGBY –DENMARK
WWW.XENANETWORKS.COM
Select Firewall Model
Select a firewall model that matches your device under test from the drop-down list. You can also search
using the built-in search bar.
New Firewall Under Test: Select firewall model
USER MANUAL
18
XENA NETWORKS –LOTTENBORGVEJ 26 –2800 LYNGBY –DENMARK
WWW.XENANETWORKS.COM
Select Firewall Firmware Version
Select a firmware version that matches your device under test from the drop-down list.
You can also enter optional information about the firewall. The information will be included in the test
report.
New Firewall Under Test: Select firewall firmware version
USER MANUAL
19
XENA NETWORKS –LOTTENBORGVEJ 26 –2800 LYNGBY –DENMARK
WWW.XENANETWORKS.COM
Select Enabled Firewall Features
Select the security features that match your firewall’s configuration from list.
New Firewall Under Test: Select the enabled firewall features
USER MANUAL
20
XENA NETWORKS –LOTTENBORGVEJ 26 –2800 LYNGBY –DENMARK
WWW.XENANETWORKS.COM
Select Firewall Access Method
Safire uses the access information entered in this panel to monitor firewall resource utilization (CPU and
memory), and clear firewall’s session table between iterations. Safire supports two access methods: SSH
and REST. Choose which firewall access method you prefer to use.
•If you choose SSH CLI
The port number used by SSH CLI is 22. You don’t need to provide the port number after the IP
address. Simply enter the IP address of the firewall management port and the login credentials of
SSH. The Test Connection button lets you test the access method settings before Safire securely
saving it in the on-chassis database.
•If you choose REST API
Safire uses HTTPS for REST communication with port 443 by default. Simply enter the IP address of
the firewall management port and the REST token. If your firewall uses other ports for HTTPS
access, e.g. 4443, then you need to specify the port number after the IP address, e.g.
10.20.10.50:4443. The Test Connection button lets you test the access method settings before
Safire securely saving it in the on-chassis database.
New Firewall Under Test: Select SSH CLI as firewall access method
New Firewall Under Test: Select REST API as firewall access method
Table of contents
