General

Generic firewalls are normally custom-branded appliances running custom operating systems and custom software. In rare cases the operating system is a fully custom design, while in most cases it is a customized version of some Unix/Linux distribution. In the case of a custom firewall the appliance is supplied as a "black box" and all interaction takes place through a LAN-based web browser interface, a LAN-based SSH/Telnet terminal application, or a serial port connection running a terminal-based interface. The serial port is in most cases used as an emergency/recovery connection, for use when the LAN-based routed connection services fail.

On this kind of device the HyperManage platform offers the following functionality:

Operational Functions

Secure connectivity

The best way to provide truly secure connectivity to such custom appliances is to configure them to allow local access only. Secure access can then be provided by connecting the appliance's ports directly either to the LAN interface or to the serial interface of a HyperNode. Through the LAN interface it is possible to access the firewall's configuration web server and change configuration and rules over a completely secure connection. It is also possible to tunnel console connections over Telnet or SSH, or to transfer files over FTP or similar protocols, without opening any security window, because all connections run through HyperManage's secure point-to-point VPN protocols. Through the serial interface it is also possible to access a firewall. This is most useful when the firewall is no longer in an operational state and the LAN connection consequently cannot be used. Through the serial interface most such appliances allow a full reload of the firmware and/or a reset of the firewall to factory default settings.
Operational condition: access to the firewall's serial console does not rely on the server's LAN access being active and operational, so as long as the HyperNode can connect to the HyperServer, either via its standard LAN access or via an alternative or out-of-band LAN access (a USB 3G pen, for instance), access to the firewall's console is guaranteed. On the other hand, if something goes wrong with the appliance's LAN connectivity, due to a primary LAN failure or a firewall LAN misconfiguration, the LAN-based access will become inoperative.

Automatic login procedure

The HyperManage platform can be set up to centrally store device credentials, so that they need not be shared across different users; this permits a more efficient way to manage remote devices even when third-party manpower is employed. The auto-login feature makes it possible not to disclose any device-specific credentials to the operating technicians. At the end of a working relationship, to prevent further connections, the technician's account or access scheme can be centrally disabled or reconfigured without worrying about anybody knowing any specific device access credentials. On custom-branded firewalls accessed via specific services, whether provided through a serial port connection (terminal-type connections) or a LAN-based port connection (normally based on SSH, Telnet or other protocols), custom login scripts can easily be developed, downloaded to the relevant HyperNodes and executed on a specific LAN service access request, providing automatic login to potentially every available service for the specific authorized users.

Remote power control

Connecting external proprietary PDUs (Power Distribution Units) to a HyperNode allows remote control of the mains power of the custom-branded firewall.
This enables the technician to perform a cold boot of the firewall, following the whole boot process on the console connection, with the possibility of intervening during that process to perform a basic firmware reload or a full system reconfiguration, including a reset to factory settings.

Management Functions

Session recording and logging

All maintenance sessions to custom and proprietary-design firewalls can still be fully recorded, to enable post-analysis of all interventions performed. All access through the serial console or via LAN-based console protocols such as SSH or Telnet is recorded by HyperManage and stored on the central server as session history files. For services other than the standard LAN-based ones, depending on the nature of the connection, either a video file or a list of the commands and responses passed through the HyperNode is recorded. Full information on the technician performing the connection is also recorded: the technician's name, the date and time of the start and end of the intervention, and the IP address used by the technician during the connection are all available for subsequent analysis.

Proactive monitoring

To monitor the functionality of a custom-design firewall it is possible to use SNMP monitoring over the LAN service. HyperManage allows a MIB file describing the traps generated by the firewall to be uploaded centrally. It is then possible to configure the HyperNode to react upon reception of certain traps containing specific OIDs (Object Identifiers) and generate specific alarms on the HyperManage platform. In configuration, the firewall has to be set to send its SNMP traps to its guardian HyperNode. The traps are then analyzed locally by the HyperNode and, if they match the ones programmed through the HyperManage interface, the HyperNode reacts by generating an alarm that is forwarded to HyperManage for specific handling.
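The trap-to-alarm step described above, written out as an added example (this is not HyperManage's or the HyperNode's own code): incoming traps are parsed, their snmpTrapOID.0 is compared against centrally configured OIDs, either exactly or by subtree, and every match becomes an alarm record ready to be forwarded. The one-line trap format, the rule layout, the enterprise OID 1.3.6.1.4.1.99999.7 and the sample addresses are all constructed for the example; only snmpTrapOID.0, linkDown and coldStart are standard OIDs.

```python
"""Added example: HyperNode-style SNMP trap matching.

A firewall sends traps to its guardian HyperNode; the node compares the
trap's snmpTrapOID.0 against OIDs configured centrally and raises an alarm
for matches. The rule format, the trap line format and every OID below
except the standard snmpTrapOID.0, linkDown and coldStart are constructed
for this example and are not HyperManage's own.
"""
from __future__ import annotations
from dataclasses import dataclass, field

SNMP_TRAP_OID = "1.3.6.1.6.3.1.1.4.1.0"   # standard snmpTrapOID.0 varbind
LINK_DOWN = "1.3.6.1.6.3.1.1.5.3"         # standard linkDown notification


@dataclass(frozen=True)
class TrapRule:
    """A configured trap OID (or OID subtree) that should raise an alarm."""
    oid: str
    name: str
    severity: str
    match_subtree: bool = False  # True: any OID under `oid` matches


@dataclass
class Alarm:
    device: str
    rule: str
    severity: str
    trap_oid: str
    varbinds: dict = field(default_factory=dict)


def oid_matches(rule: TrapRule, trap_oid: str) -> bool:
    """Exact match, or subtree match when the rule asks for it.
    The '.' suffix stops 1.3.6.1.4.1.1 from matching 1.3.6.1.4.1.10."""
    if trap_oid == rule.oid:
        return True
    return rule.match_subtree and trap_oid.startswith(rule.oid + ".")


def parse_trap(raw: str) -> tuple[str, dict]:
    """Parse a constructed one-line trap dump: 'src=<ip> <oid>=<value> ...'.
    Real traps arrive as BER-encoded SNMP PDUs; the line form keeps the
    example self-contained. Malformed input raises ValueError."""
    tokens = raw.split()
    if not tokens or not tokens[0].startswith("src="):
        raise ValueError("trap line must start with src=<address>")
    source = tokens[0][len("src="):]
    varbinds = {}
    for tok in tokens[1:]:
        oid, sep, value = tok.partition("=")
        if not sep or not oid:
            raise ValueError(f"malformed varbind: {tok!r}")
        varbinds[oid] = value
    return source, varbinds


def evaluate_trap(raw: str, rules, guarded_devices) -> list:
    """Return the alarms one trap line produces.
    Traps from addresses this HyperNode does not guard are dropped. A
    source-address check alone is weak for UDP traps, so SNMPv3
    authentication on the firewall side is the proper complement."""
    source, varbinds = parse_trap(raw)
    if source not in guarded_devices:
        return []
    trap_oid = varbinds.get(SNMP_TRAP_OID)
    if trap_oid is None:
        return []  # not an SNMPv2c/v3 notification: no snmpTrapOID.0 present
    return [Alarm(source, r.name, r.severity, trap_oid, varbinds)
            for r in rules if oid_matches(r, trap_oid)]


# Constructed rule set, as an operator might enter it through HyperManage.
RULES = [
    TrapRule(LINK_DOWN, "fw-link-down", "critical"),
    # constructed enterprise subtree standing in for a vendor's own MIB
    TrapRule("1.3.6.1.4.1.99999.7", "fw-vendor-event", "warning", match_subtree=True),
]
GUARDED = {"10.0.0.1"}

# Constructed trap lines: linkDown from the guarded firewall, a vendor event
# from the same firewall, a coldStart with no rule, and a linkDown from an
# address the node does not guard.
SAMPLE_TRAPS = [
    f"src=10.0.0.1 {SNMP_TRAP_OID}={LINK_DOWN} 1.3.6.1.2.1.2.2.1.1.3=3",
    f"src=10.0.0.1 {SNMP_TRAP_OID}=1.3.6.1.4.1.99999.7.2 1.3.6.1.4.1.99999.7.2.1=ha-failover",
    f"src=10.0.0.1 {SNMP_TRAP_OID}=1.3.6.1.6.3.1.1.5.1",
    f"src=192.0.2.77 {SNMP_TRAP_OID}={LINK_DOWN}",
]


def process(lines, rules=RULES, guarded=GUARDED) -> list:
    """Run every line through the matcher; the result is what gets forwarded."""
    alarms = []
    for line in lines:
        alarms.extend(evaluate_trap(line, rules, guarded))
    return alarms


if __name__ == "__main__":
    for a in process(SAMPLE_TRAPS):
        print(f"{a.severity.upper():8} {a.device} {a.rule} ({a.trap_oid})")
```

Of the four constructed traps only the first two raise alarms: the coldStart has no rule and the last comes from an address the node does not guard. Subtree rules are what make a single MIB-derived entry cover a whole family of vendor notifications without listing every leaf OID.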
Central storage of configuration/backup files

HyperManage can be configured to allow centralized storage of a managed firewall's configuration files as a backup system. This way users and technicians can upload the firewall's configuration files to the HyperManage server. Centralized access to such files by privileged technicians, in order to analyze them, can be very important for fault prevention. The system-wide availability of the firewall configuration files will be perceived as an essential feature during a fail-over procedure. Each configuration can be uploaded as a compressed file, and a comment file can be linked to each uploaded configuration. For every backup configuration uploaded, HyperManage makes sure that all user details, including the date and time of the backup operation, are stored in the system.
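A minimal central backup store with the properties listed above, as an added example (not HyperManage's own implementation): each upload is kept compressed, carries an optional comment, and is attributed to a user with a UTC timestamp. The in-memory store, its field names, the device name fw-edge-01 and the sample rule set are constructed; the SHA-256 digest checked on restore is an added practitioner check, not a feature the page describes.

```python
"""Added example: a minimal central backup store for firewall configurations.

Each configuration is stored compressed, an optional comment is linked to
it, and the uploading user plus the upload timestamp are recorded with
every backup. The store, its field names and the sample configuration are
constructed for this example and are not HyperManage's own implementation.
The SHA-256 digest is an added check so a restored file can be verified.
"""
from __future__ import annotations
import gzip
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class BackupRecord:
    device: str
    version: int
    user: str
    uploaded_at: str        # ISO 8601, UTC
    comment: str
    sha256: str             # digest of the uncompressed configuration
    compressed: bytes


class ConfigBackupStore:
    """In-memory stand-in for the server-side store (constructed)."""

    def __init__(self) -> None:
        self._records: dict[str, list[BackupRecord]] = {}

    def upload(self, device: str, user: str, config: bytes,
               comment: str = "", now: datetime | None = None) -> BackupRecord:
        """Store one configuration; every backup must name the uploading user."""
        if not user:
            raise ValueError("every backup must be attributed to a user")
        ts = (now or datetime.now(timezone.utc)).isoformat(timespec="seconds")
        history = self._records.setdefault(device, [])
        rec = BackupRecord(
            device=device,
            version=len(history) + 1,
            user=user,
            uploaded_at=ts,
            comment=comment,
            sha256=hashlib.sha256(config).hexdigest(),
            compressed=gzip.compress(config),
        )
        history.append(rec)
        return rec

    def history(self, device: str) -> list[BackupRecord]:
        """All backups of a device, oldest first, for later analysis."""
        return list(self._records.get(device, []))

    def restore(self, device: str, version: int) -> bytes:
        """Decompress a stored configuration and verify it against the
        digest recorded at upload time before handing it back."""
        for rec in self._records.get(device, []):
            if rec.version == version:
                data = gzip.decompress(rec.compressed)
                if hashlib.sha256(data).hexdigest() != rec.sha256:
                    raise ValueError("stored backup is corrupt")
                return data
        raise KeyError(f"no version {version} for {device}")


# Constructed sample: two uploads of a tiny rule set by two technicians.
SAMPLE_CONFIG_V1 = b"rule 10 permit tcp any host 10.0.0.5 eq 443\nrule 20 deny ip any any\n"
SAMPLE_CONFIG_V2 = SAMPLE_CONFIG_V1 + b"rule 15 permit tcp 10.0.1.0/24 host 10.0.0.5 eq 22\n"


def demo() -> ConfigBackupStore:
    """Populate the store with the two constructed uploads and return it."""
    store = ConfigBackupStore()
    t0 = datetime(2024, 1, 15, 9, 30, tzinfo=timezone.utc)
    store.upload("fw-edge-01", "alice", SAMPLE_CONFIG_V1, "baseline", now=t0)
    store.upload("fw-edge-01", "bob", SAMPLE_CONFIG_V2,
                 "added mgmt ssh from 10.0.1.0/24", now=t0.replace(hour=14))
    return store


if __name__ == "__main__":
    for rec in demo().history("fw-edge-01"):
        print(rec.version, rec.uploaded_at, rec.user, rec.comment, rec.sha256[:12])
```

Keeping the digest of the uncompressed bytes beside each record means a fail-over can confirm the file it is about to push back onto a replacement appliance is the one the technician uploaded, and the per-version history is what lets a privileged technician diff two uploads when looking for the change that preceded a fault.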