
Cisco ACE Web Application Firewall Administration Guide, OL-13877-01

Chapter 5

Performing the Initial Configuration

This chapter describes how to configure network settings for ACE Web Application Firewall and Manager appliances. It covers these topics:

• Overview, page 5-19

• Configuring the Initial System Settings, page 5-20

• Setting the Operating Mode for the Appliance, page 5-23

• Setting the System Clock, page 5-26

• Shutting Down and Rebooting, page 5-28

• Configuring the Product License, page 5-29

• Next Steps, page 5-31

Overview

The initial configuration procedure installs the appliance on the network, giving it an IP address and other basic network settings. It also sets the operating mode of the appliance. The appliance can operate in one of several modes: as a gateway, as a manager, or as a standalone appliance (which encompasses both operating modes).

When configuring the initial settings for an appliance that will act as an ACE Web Application Firewall, you set the IP address of the Manager that will control it. In turn, you need to identify controlled Firewalls in the Manager configuration.

Before starting the initial configuration procedure, be sure you have the following information:

• IP address and subnet mask to be given to the appliance. The ACE Web Application Firewall must be configured with a static IP address. The appliance does not support the use of dynamic IP addressing schemes such as BOOTP or DHCP.

• IP address of the default gateway in the target network.

• IP address of the primary name server for the network to which the appliance is connected.

• The password for the root account on the appliance.

Caution Make sure you have this information before starting to configure the appliance. Entering incorrect information can render your appliance inoperable.


Configuring the Initial System Settings

This section describes how to perform the configuration tasks required to set up ACE Web Application Firewall and Manager appliances. They include configuring network settings for the appliance and setting its operating mode, that is, whether it should act as a manager, a gateway, or both.

While these steps assume that you are configuring the appliance for the first time, any portion of these instructions may be applicable when you want to adjust the appliance's settings or reconfigure it completely.

To perform the initial configuration of the appliance:

Step 1 Log into the Shell interface as root user as described in “Logging In to the Appliance Shell” section on page 4-16.

First, you will configure the basic network settings for the appliance, such as hostname and IP address.

Step 2 In the Main Menu, choose Network Configuration.

Step 3 Choose the Hostname item from the Network Configuration menu.

The shell prompts you to enter the fully-qualified name of this appliance.

Step 4 In the field, type the fully-qualified hostname for the appliance, such as xmlgate.example.com

If a name has been reserved on your network for the use of the ACE Web Application Firewall appliance, type that name in the field provided. Otherwise, you may enter a placeholder name (but don't use a valid name that belongs to a different appliance in the network!).

When you enter a value, the Main Menu appears.

Step 5 Choose the IP Gateway item from the Network Configuration Menu.

The Default IP gateway of this machine screen appears.

Step 6 Enter the IP address of the default gateway or router that connects this appliance to your network and choose OK.

You may need to consult your local network administrator to obtain the gateway address.

Step 7 In the Network Configuration menu, choose Name Servers to configure the appliance connection for domain name servers.

Step 8 Enter one or more IP addresses for valid DNS servers for the appliance. If entering more than one address, use spaces to separate multiple IP addresses.

If more than one address is configured, the appliance will attempt to use the first server for all lookups. If the first server fails to respond after a brief timeout period, the appliance sends the lookup to the next server in the list.

Step 9 Configure the Ethernet interface 0 by choosing the Interface eth0 item from the Network Configuration menu.

The shell displays a screen in which you can enable or disable the specified Ethernet interface.

Step 10 Choose the enabled item.

The shell displays a screen in which to specify one or more IP addresses under which the enabled Ethernet interface is to appear.

Step 11 Enter the IP address to be associated with this interface.

When entering more than one address, use spaces to separate multiple IP addresses. The first address in the list is the interface's primary address; the appliance configures the remaining addresses as aliases of that interface.


Note Assign only static IP addresses to the network interface. Each address must be a valid static address assigned to the ACE Web Application Firewall and Manager appliance by your network administrator. Do not use DHCP or other dynamic addressing schemes to assign addresses to the appliances. The ACE Web Application Firewall cluster and Manager require stable, static IP addresses for correct operation.

Step 12 Enter the netmask that specifies the network and host portions of the IP address you entered. You may need to consult your network administrator to obtain the netmask value to use.

The shell displays a screen in which you can specify the speed at which this Ethernet port operates.

Step 13 Choose an Ethernet speed or choose the auto setting.

The shell displays the Ethernet duplex screen or the Edit Static Routes screen.

In the Ethernet speed screen, choose:

• 10, to specify 10baseT

• 100, to specify 100baseT

• 1000 to specify gigabit Ethernet speed

• auto to enable the appliance to configure its Ethernet settings automatically.

Note For maximum throughput, do not choose the auto setting. For more information on the performance impact of negotiating port speed automatically, see “Appliance Network Interface Considerations” section on page 2-8. Also note that to realize full Gigabit Ethernet performance, your network must use CAT 5e Ethernet cable end-to-end.

Step 14 If the shell displays the Ethernet duplex screen, choose a half-duplex or full-duplex connection.

The shell displays the Edit Static Routes screen.

If the shell does not display the Ethernet duplex screen, go to the next step.

Step 15 If static routes need to be defined for this appliance, choose Add new route. Otherwise, go to the next step.

Static routes are most commonly needed in a dual-homed appliance configuration, in which the appliance has separate interfaces on different subnets.

Step 16 Enter a static route in the format specified if needed. If no static routes are required for this appliance, you can skip this step.

When finished, the shell displays the Edit Static Routes screen with the new route. If the shell discovers errors in the static route you entered, it displays a screen in which you can make corrections to the route and attempt to enter it again.

To add more static routes, choose the Add new route item as necessary until every route this appliance needs to reach the networks it communicates with has been entered.

Step 17 When you are finished adding static routes, choose Accept settings.

Step 18 To commit the configuration changes, choose Yes in the Commit the following new settings? screen. To exit the Network Configuration menu without changing any settings, choose No in that screen.

If you choose Yes, the appliance restarts the interface using the new settings, then returns to the Network Configuration menu. If the appliance cannot apply the new values, it displays an error message, enabling you to re-enter the settings without restarting the appliance.
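The values entered in Steps 3 through 18 are committed together, and the Caution at the start of this chapter warns that wrong values can leave the appliance unreachable. The following Python script is an added example, not part of the Cisco guide or of the appliance software. It checks a set of proposed values, on a workstation and before you type them into the Network Configuration menu, for the consistency the menu does not check for you: a fully-qualified hostname, usable static addresses (not the network or broadcast address), a contiguous netmask, a default gateway that lies inside the primary interface's subnet and is not one of the appliance's own addresses, and at least one name server. The address fields take the same space-separated form the menu accepts. The sample values use RFC 5737 documentation ranges and are constructed for this example.

```python
import ipaddress
import re

# RFC 1123 hostname label: letters, digits and hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def parse_address_list(field):
    """Parse a space-separated address field, as the shell menu accepts it."""
    return [ipaddress.IPv4Address(tok) for tok in field.split()]


def validate_network_settings(hostname, addresses, netmask, gateway, name_servers):
    """Return a list of problems with the proposed settings; an empty list means consistent.

    addresses and name_servers are the space-separated strings typed into the menu;
    netmask is dotted-quad (e.g. 255.255.255.0); gateway is a single IPv4 address.
    """
    errors = []

    labels = hostname.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        errors.append(f"hostname {hostname!r} is not a valid fully-qualified name")

    try:
        addrs = parse_address_list(addresses)
    except ValueError as exc:
        return errors + [f"interface address list invalid: {exc}"]
    if not addrs:
        return errors + ["interface needs at least one static address"]
    if len(set(addrs)) != len(addrs):
        errors.append("interface address list contains duplicates")

    # The first address is the interface's own; later ones become aliases of it.
    try:
        primary_net = ipaddress.IPv4Network(f"{addrs[0]}/{netmask}", strict=False)
    except ValueError as exc:
        return errors + [f"netmask {netmask!r} invalid: {exc}"]

    for addr in addrs:
        if addr.is_loopback or addr.is_multicast or addr.is_unspecified:
            errors.append(f"{addr} is not a usable host address")
            continue
        net = ipaddress.IPv4Network(f"{addr}/{netmask}", strict=False)
        if net.prefixlen < 31 and addr in (net.network_address, net.broadcast_address):
            errors.append(f"{addr} is the network or broadcast address of {net}")

    try:
        gw = ipaddress.IPv4Address(gateway)
    except ValueError:
        errors.append(f"gateway {gateway!r} is not an IPv4 address")
    else:
        if gw in addrs:
            errors.append("gateway must not be one of the appliance's own addresses")
        elif gw not in primary_net:
            errors.append(f"gateway {gw} is outside {primary_net}; eth0 could not reach it")

    try:
        servers = parse_address_list(name_servers)
    except ValueError as exc:
        errors.append(f"name server list invalid: {exc}")
    else:
        if not servers:
            errors.append("at least one name server is required")

    return errors


if __name__ == "__main__":
    # Constructed sample values (RFC 5737 documentation addresses); every one is wrong.
    for problem in validate_network_settings(
        hostname="xmlgate",
        addresses="192.0.2.0",
        netmask="255.255.255.0",
        gateway="203.0.113.1",
        name_servers="",
    ):
        print("error:", problem)
```

The gateway check is the one that most often saves a trip to the console: a gateway outside the subnet derived from the first address and the netmask is silently accepted by the menu, but the appliance has no route to it, so nothing beyond the local segment (the Manager included) is reachable after the commit.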


Step 19 To enable traffic on another interface, choose the interface item (such as Interface eth1) from the Network Configuration menu and repeat the steps you used to configure eth0. The specific values you assign for this port's settings may vary according to this appliance's function and its location on your network.

Step 20 To review your configuration choices, choose View Routing Table from the Network Configuration menu.

The Kernel IP routing table screen appears. If you cannot see the entire table, you can use the arrow keys on your keyboard to scroll through it.

Step 21 After reviewing the routing table, dismiss it by choosing Exit.

Step 22 In the Network Configuration menu, test your network settings by choosing Test Network Settings.

The Network Configuration Tester checks the basic settings affecting each currently-configured Ethernet interface.

Step 23 To exit the Network Configuration Tester screen, press the Enter key.

If the appliance's network configuration settings are valid, the Network Configuration menu appears. Otherwise, the Network Misconfigured screen appears. In this case, choose OK to return to the Network Configuration menu and, from there, return to any of the previous screens to correct configuration errors.

Step 24 From the Network Configuration menu, choose Return to Main Menu to continue by setting the operating mode for the appliance.

Step 25 Now set the operating mode for this appliance in one of two ways:

• If the verify cluster settings screen prompts you to select the operating mode for this appliance, choose Yes.

• If you are in the Main Menu, choose Gateway Cluster Configuration.

The current mode for the appliance is highlighted in the This machine should act as a screen. Complete the configuration for the desired operating mode using the options below and the instructions in the linked sections:

Step 26 In the This machine should act as a screen, choose the cluster configuration this appliance is to have:

• To configure this appliance for gateway operation, choose Gateway Cluster Member and enter the IP address of the Manager that will control this gateway.

Note For step-by-step instructions on this configuration, see “Gateway Mode” section on page 5-25.

• To configure this appliance as a manager, choose Manager. You specify the Firewalls in this Manager’s control later from the Manager web console, as described in the Cisco ACE Web Application Firewall User Guide.

Note For more instructions on this configuration, see “Manager Mode” section on page 5-24.

• To configure this appliance as a standalone appliance, choose Both Gateway and Manager.

Note For more instructions on this configuration, see “Standalone Mode” section on page 5-23.

• To disable all processes until re-enabled explicitly, choose the Inactive machine item.


Note For more on this configuration, see “Inactive Mode” section on page 5-26.

You are prompted to restart using the new networking settings.

Step 27 Restart the services running on the appliance at this time by choosing Yes.

You can exit this screen without restarting by choosing No. However, you will need to restart the services later to have your changes take effect. To do so, choose the Main Menu > Manage Gateway Processes > Restart All Configured Services item.

Step 28 If prompted, choose OK to acknowledge the notice regarding adding gateways to this Manager. You will need to do so later from the Manager web console.

This completes the initial configuration of your appliance. You can enable additional features as described in this guide, or start using the Manager web console to develop and deploy the policy, the set of rules and behaviors that the ACE Web Application Firewall applies to network traffic.

Setting the Operating Mode for the Appliance

While performing the initial setup of the appliance, as described in “Configuring the Initial System Settings” section on page 5-20, you were prompted to specify the operating mode of the appliance. You can have it act as a gateway, manager, or both. This section provides more information on that configuration.

You can access the operating mode settings at any time by selecting 3) Gateway Cluster Configuration in the Main Menu.

The appliance can operate in these modes:

• Standalone Mode, page 5-23

• Manager Mode, page 5-24

• Gateway Mode, page 5-25

• Inactive Mode, page 5-26

Standalone Mode

A single appliance can act as both gateway and manager. This configuration is useful for evaluation or development purposes.

Note This section provides details on step 26 in “Configuring the Initial System Settings” section on page 5-20. For information on configuring your appliance's network settings, see the other steps listed in that section.

To configure the appliance to operate as a standalone appliance, follow these steps:

Step 1 Log into the Shell as the root user.

For more information, see “Logging In to the Appliance Shell” section on page 4-16.


Step 2 From the Main Menu, choose the Gateway Cluster Configuration item.

Step 3 Configure the appliance for standalone operation by choosing the Both Gateway and Manager item from the This machine should act as a screen.

You are prompted to restart using the new networking settings.

Step 4 Restart the services running on the appliance at this time by choosing Yes (recommended).

To exit this screen without restarting, choose No. However, you will need to restart the services later to have your changes take effect. To do so, choose the Main Menu > Manage Gateway Processes > Restart All Configured Services item.

Step 5 If prompted, choose OK to acknowledge the notice regarding adding Gateways to this Manager. You will need to do so later from the web console.

The appliance now operates in standalone mode. You can put the appliance into service or configure optional features.

Manager Mode

An ACE Web Application Firewall Manager is the policy development environment and monitoring point for the system. This section describes how to configure an appliance that is already running on the network to operate in manager mode.

Note This section provides details on step 26 in “Configuring the Initial System Settings” section on page 5-20. For information on configuring your appliance's network settings, see the other steps in that section.

To configure the appliance to operate as a Manager:

Step 1 Log into the Shell menu as the root user.

For more information, see “Logging In to the Appliance Shell” section on page 4-16.

Step 2 From the Main Menu, choose the Gateway Cluster Configuration item.

Step 3 To configure the appliance for operation as a Manager appliance, choose the Manager item from the This machine should act as a screen.

Note that you add gateways to this Manager’s control later in the Manager web console.

You are prompted to restart using the new networking settings.

Step 4 Restart the services running on the appliance at this time by choosing Yes (recommended).

To exit this screen without restarting, choose No. However, you will need to restart the services later to have your changes take effect. To do so, choose the Main Menu > Manage Gateway Processes > Restart All Configured Services item.

Step 5 If prompted, choose OK to acknowledge the notice regarding adding Firewalls to this Manager. You will need to do so later from the web console.

The appliance now operates as a dedicated Manager. You can now put the appliance into service or configure optional features.


Gateway Mode

An ACE Web Application Firewall applies the set of rules and processing instructions developed in the Manager web console to network traffic. This section describes how to configure an appliance in gateway mode, in which the appliance applies the policy to network traffic.

Note This section provides details on step 26 in “Configuring the Initial System Settings” section on page 5-20. For information on configuring your appliance's network settings, see the other steps in that section.

To configure the appliance to operate in gateway mode:

Step 1 Log into the appliance Shell as the root user.

For more information, see “Logging In to the Appliance Shell” section on page 4-16.

Step 2 From the Main Menu, choose the Gateway Cluster Configuration item.

Step 3 To configure the appliance for gateway operation mode, choose the Gateway Cluster Member item.

Note An ACE Web Application Firewall typically operates as a member of a gateway cluster. Each member of the cluster applies the same policy and can be managed by a single Manager. For gateway operation, choose this option whether the appliance will operate alone or within a group of gateways. For more on clusters, see Chapter 6, “Configuring a Firewall Cluster.”

You are prompted to enter the IP address of the Manager to control this ACE Web Application Firewall.

Step 4 Enter the IP address of the Manager that will control this ACE Web Application Firewall.

The ACE Web Application Firewall will only accept administrative commands and queries from a Manager at the IP address you set here. This Firewall cannot be administered by any other Manager instance.

It is important to note that source IP address verification is the primary mechanism that an ACE Web Application Firewall uses to authenticate administrative traffic from the Manager. A source address is not a strong credential: it can be spoofed by an attacker with a foothold on the same network segment, and any host that can reach the administrative port while presenting the Manager's address is treated as the Manager. For this reason, you should ensure that access to the administrative port of the Firewall (port 8200, by default) is available only from within a trusted network, preferably restricted by a network firewall or ACL to the Manager's address alone, and that connection attempts to that port from any other source are logged and reviewed. If using a hardware-backed keystore, follow the steps in Chapter 7, “Using Hardware Keystores and Security Worlds,” to secure the connection with a hardware-backed certificate.

Just as you specify the manager’s address in the Firewall’s configuration as described in this step, you need to configure the Firewall’s address in the manager’s configuration. This is accomplished by adding the Firewall to a managed cluster in the Manager web console. For more information, see the Cisco ACE Web Application Firewall User Guide.

Step 5 Restart the services running on the appliance at this time by choosing Yes (recommended).

To exit this screen without restarting, choose No. However, you will need to restart the services later to have your changes take effect. To do so, choose the Main Menu > Manage Gateway Processes > Restart All Configured Services item.


The appliance now operates in gateway mode. If there are multiple ACE Web Application Firewall appliances in your deployment, repeat these steps for each appliance. When finished, you can put the appliance into service or configure optional features. Before this Firewall can process service traffic, it needs to be added to the managed cluster configuration of a particular Manager. For more information, see the Cisco ACE Web Application Firewall User Guide.
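Because the Firewall trusts the Manager's source address, the only evidence that something other than the Manager reached port 8200 is in the logs of whatever device sits in front of the Firewall. The following Python script is an added example, not part of the Cisco guide or of the appliance software. It reads connection records in a constructed, hypothetical key=value log format (not the format of any Cisco product), keeps those addressed to the Firewall's administrative port, and reports every source that is not the configured Manager, separating sources that were accepted (the access control is missing or wrong) from sources that were dropped (the control works, but someone is probing the port). The addresses 10.1.1.20 (Firewall), 10.1.1.5 (Manager) and the log lines are constructed for this example.

```python
import re
from collections import Counter

ADMIN_PORT = 8200  # default administrative port of the Firewall, from the guide

# Constructed (hypothetical) firewall/flow log format used only for this example:
#   <timestamp> src=<ip> dst=<ip> dport=<port> proto=<tcp|udp> action=<accept|drop>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+"
    r"dport=(?P<dport>\d+)\s+proto=(?P<proto>\w+)\s+action=(?P<action>\w+)$"
)


def parse_line(line):
    """Return the record as a dict, or None if the line is not in the expected format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def audit_admin_access(lines, firewall_ip, manager_ip, admin_port=ADMIN_PORT):
    """Return (unexpected, from_manager, unparsed).

    unexpected  : Counter keyed by (source, action) for admin-port connections whose
                  source is not the Manager. 'accept' entries mean the ACL let them in;
                  'drop' entries mean the ACL held but the port is being probed.
    from_manager: number of admin-port connections from the configured Manager.
    unparsed    : non-empty lines the parser could not read (never silently dropped).
    """
    unexpected = Counter()
    from_manager = 0
    unparsed = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            if line.strip():
                unparsed.append(line)
            continue
        if rec["dst"] != firewall_ip or rec["dport"] != admin_port or rec["proto"] != "tcp":
            continue
        if rec["src"] == manager_ip:
            from_manager += 1
        else:
            unexpected[(rec["src"], rec["action"])] += 1
    return unexpected, from_manager, unparsed


def acl_violations(unexpected):
    """Sources that were accepted on the admin port without being the Manager."""
    return sorted(src for (src, action), n in unexpected.items() if action == "accept")


# Constructed sample log: two Manager sessions, one accepted stranger, one dropped probe,
# one unrelated service connection and one unreadable line.
SAMPLE_LOG = """\
2008-03-10T12:00:01Z src=10.1.1.5 dst=10.1.1.20 dport=8200 proto=tcp action=accept
2008-03-10T12:00:02Z src=10.1.1.5 dst=10.1.1.20 dport=8200 proto=tcp action=accept
2008-03-10T12:00:03Z src=10.1.1.77 dst=10.1.1.20 dport=8200 proto=tcp action=accept
2008-03-10T12:00:04Z src=203.0.113.9 dst=10.1.1.20 dport=8200 proto=tcp action=drop
2008-03-10T12:00:05Z src=10.1.1.77 dst=10.1.1.20 dport=443 proto=tcp action=accept
garbage line
""".splitlines()

if __name__ == "__main__":
    unexpected, from_manager, unparsed = audit_admin_access(SAMPLE_LOG, "10.1.1.20", "10.1.1.5")
    print("admin sessions from Manager:", from_manager)
    for (src, action), n in sorted(unexpected.items()):
        print(f"unexpected source {src}: {action} x{n}")
    print("ACL violations:", acl_violations(unexpected))
    print("unparsed lines:", unparsed)
```

An accepted connection from a source other than the Manager is the finding to act on first: with address-based trust, such a host could already have issued administrative commands, so the ACL in front of port 8200 needs fixing and the Firewall's own logs need checking for that interval.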

Inactive Mode

An inactive appliance performs no message-processing functions, either because it is a new appliance that has never been configured or because its message-processing functions are deliberately suspended. For a suspended appliance, you can return the appliance to active status using the Main Menu > Gateway Cluster Configuration menu.

Note This section provides details on step 26 in “Configuring the Initial System Settings” section on page 5-20. For information on configuring your appliance's network settings, see the other steps in that section.

To configure the appliance to operate as an inactive appliance:

Step 1 Log into the appliance shell as the root user.

For more information, see “Logging In to the Appliance Shell” section on page 4-16.

Step 2 From the Main Menu, choose the Gateway Cluster Configuration item.

Step 3 From the operation mode options, configure the appliance as inactive by choosing Inactive machine.

You are prompted to restart with the new networking settings.

Step 4 Restart the services running on the appliance with the new setting at this time by choosing Yes. The services must be restarted for the new setting to take effect.

Although it is recommended that you restart the appliance now, you may choose to do so later in the configuration process. For example, if you know that you plan to perform other configuration tasks that require a restart, or if you plan to restart all of your network devices at one time, you may defer this step.

To exit this screen without restarting, choose No. To restart the services later, choose the Main Menu > Manage Gateway Processes > Restart All Configured Services item.

Setting the System Clock

Each Manager or Firewall appliance time-stamps the items it enters in its message log or event log. To ensure the accuracy of these timestamps, you must set each appliance's system clock. If there are multiple appliances in your deployment, they should all be set to the same system time. A significant discrepancy (a few minutes or more) between the system clocks of appliances in a deployment can impede the proper operation of the system.

This section describes how to set the time on an appliance. You can set the system clock on each appliance yourself or synchronize them using a Network Time Protocol (NTP) server. To ensure consistent timekeeping across appliances, we recommend that appliances use NTP to keep their clocks correctly set.


Note The ACE XML Gateway uses Greenwich Mean Time (GMT) for its internal clock. GMT is used for timestamp verification, internal log data, and other time-based service processing activities. You should never attempt to change time zones on the appliance. All appliances must always be configured for GMT. Note, however, that the time display in the Manager web interface can be adjusted to the zone desired.

Setting the Clock Manually

In most cases, a network time server should be used to synchronize system clocks on the appliances. However, it is possible to set the clock manually, as follows:

Step 1 Log into the appliance shell as the root user.

For more information, see “Logging In to the Appliance Shell” section on page 4-16.

Step 2 In the Main Menu, choose the Advanced Options item.

Step 3 In the Advanced Options menu, choose Run bash.

The bash command prompt appears. You may now use this shell as you would in a typical Linux environment.

Step 4 Use the Linux date command to enter the current time.

For example, the following command sets the system clock to Monday, May 16, 2005 at 5:28 PM. Because the appliance keeps its clock in GMT (see the note above), give the time in GMT and use the -u option so that it is interpreted as GMT rather than as a local time zone:

date -u -s "2005-05-16 17:28:00"

Note For more information about the date command, type man date or info date.

The command prompt displays the date you set. The system clock on the appliance is now set.

Step 5 To return to the Advanced Options menu, type exit at the command line and press Enter.

Repeat these steps for each Firewall or Manager appliance.

Setting the Clock by a Network Time Server

Although the ACE Web Application Firewall and Manager appliance clock is accurate and stable enough to provide reliable time stamps, all clocks drift to some degree. To enhance consistent timekeeping across the enterprise, you can use a Network Time Protocol (NTP) server to coordinate the system clocks of all computers on the network.

This feature is especially useful when using a syslog aggregator to create one log that reflects the activities of multiple appliances, and it can be critical to the ability to process SOAP headers and other time-sensitive protocols correctly.

The appliances run NTP software version 4.1.2 (NTP protocol version 4). To configure an appliance to use an NTP server:

Step 1 Log into the appliance shell as the root user.


For more information, see “Logging In to the Appliance Shell” section on page 4-16.

Step 2 From the Main Menu, choose the Advanced Options item.

The Advanced Options menu appears.

Step 3 Choose the Time Settings item from the Advanced Options.

The shell displays a screen in which you can specify the NTP servers this appliance is to use.

Step 4 In the field provided, enter the IP addresses or hostnames of one or more NTP servers. By entering multiple servers, you can ensure that if one server is unavailable, an alternate will be used. Use spaces to separate multiple addresses. (To disable use of NTP, remove all information that appears in this field.)

If there are multiple appliances in your deployment, you should set each to have the same NTP servers, to ensure that the appliances remain properly synchronized.

Step 5 Choose OK to save the settings.

When you complete these steps, the appliance attempts to contact the server. If successful, the Advanced Options menu appears. If the appliance cannot contact the time server, it displays status messages to this effect. However, you are prompted to save the new settings anyway.

In this case, make sure that the network connection is good. If you know that the connection is good but the appliance cannot connect to the NTP server, check the addresses for errors or verify independently that the specified server is up and running.

Alternatively, if you are configuring an appliance that is not yet on the network, the appliance won't be able to connect to the server even if the address or hostname is correct. In this case, you can choose to save the new settings regardless of the initial failed access attempt.
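The procedure above only tells you whether the appliance could contact the NTP server, not how far its clock is from the server's, which is what the "few minutes or more" warning at the start of this section is about. The following Python script is an added example, not part of the Cisco guide or of the appliance software. It performs the SNTP exchange that NTP clients use (RFC 4330): it sends a 48-byte mode 3 request and, from the server's mode 4 reply, computes the clock offset and round-trip delay. Because NTP replies are unauthenticated UDP, the parser rejects a reply whose originate timestamp does not echo the request's transmit timestamp, a stratum 0 (kiss-o'-death or unsynchronized) reply, and a server that flags its own clock as unsynchronized (LI=3). `query()` talks to a real server; `encode_server_reply()` exists only to construct a sample reply so that the offline check runs without a network. The 60-second tolerance is an assumption chosen for the example, not a value from the guide.

```python
import socket
import struct
import time

NTP_DELTA = 2208988800   # seconds from the NTP epoch (1900-01-01) to the Unix epoch (1970-01-01)
NTP_PORT = 123
PACKET = "!BBBb11I"      # LI/VN/mode, stratum, poll, precision, then eleven 32-bit words


def to_ntp(unix_time):
    """Unix float seconds -> (seconds, fraction) halves of a 64-bit NTP timestamp."""
    secs = int(unix_time)
    frac = int(round((unix_time - secs) * (1 << 32))) & 0xFFFFFFFF
    return secs + NTP_DELTA, frac


def from_ntp(secs, frac):
    """(seconds, fraction) halves of a 64-bit NTP timestamp -> Unix float seconds."""
    return secs - NTP_DELTA + frac / (1 << 32)


def build_request(t1):
    """Client request: LI=0, VN=4, mode=3; the transmit timestamp carries our send time t1."""
    secs, frac = to_ntp(t1)
    return struct.pack(PACKET, 0x23, 0, 0, 0, *([0] * 9), secs, frac)


def parse_response(data, t1, t4):
    """Validate a server reply and return (offset, delay) in seconds (RFC 4330, section 5).

    t1 is when we sent the request and t4 when we received the reply, both read from
    the local clock. A positive offset means the local clock is behind the server.
    """
    if len(data) < 48:
        raise ValueError("short NTP packet")
    f = struct.unpack(PACKET, data[:48])
    leap, mode, stratum = f[0] >> 6, f[0] & 0x07, f[1]
    if mode != 4:
        raise ValueError(f"not a server reply (mode {mode})")
    if stratum == 0:
        raise ValueError("stratum 0: kiss-o'-death or unsynchronized server")
    if leap == 3:
        raise ValueError("server reports its clock is not synchronized (LI=3)")
    originate = from_ntp(f[9], f[10])
    if abs(originate - t1) > 1e-6:
        # A genuine reply echoes our transmit timestamp; anything else is stale or forged.
        raise ValueError("originate timestamp does not match our request")
    t2 = from_ntp(f[11], f[12])   # server receive time
    t3 = from_ntp(f[13], f[14])   # server transmit time
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def check_reply(data, t1, t4):
    """Non-raising wrapper: (True, (offset, delay)) or (False, reason)."""
    try:
        return True, parse_response(data, t1, t4)
    except ValueError as exc:
        return False, str(exc)


def clock_within_tolerance(offset, tolerance=60.0):
    """Assumed tolerance of one minute; the guide only says a few minutes is too much."""
    return abs(offset) <= tolerance


def query(server, timeout=2.0):
    """Perform one SNTP exchange against a real server (needs network access)."""
    t1 = time.time()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_request(t1), (server, NTP_PORT))
        data, _ = sock.recvfrom(512)
    t4 = time.time()
    return parse_response(data, t1, t4)


def encode_server_reply(t1, t2, t3, stratum=2, leap=0):
    """Construct a mode 4 reply; used here only to build sample input for offline checks."""
    first = (leap << 6) | (4 << 3) | 4
    return struct.pack(PACKET, first, stratum, 0, 0, 0, 0, 0, 0, 0,
                       *to_ntp(t1), *to_ntp(t2), *to_ntp(t3))


if __name__ == "__main__":
    # Constructed sample: server clock 120 s ahead of ours, 100 ms round trip.
    t1, t4 = 1000.0, 1000.1
    ok, result = check_reply(encode_server_reply(t1, 1120.05, 1120.05), t1, t4)
    print(ok, result, clock_within_tolerance(result[0]) if ok else None)
```

Run `query("ntp.example.net")` from an appliance's bash shell (Advanced Options > Run bash) and from a workstation against the same servers you entered in Step 4; if the offsets differ by more than the tolerance, the appliances are not in agreement even though each one reports that it reached its server. Stepping a clock by a large offset on the strength of a single unauthenticated reply is exactly what the originate-timestamp check guards against; a real client also requires several consistent samples before it adjusts anything.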

Shutting Down and Rebooting

The shell provides menu options for shutting down and rebooting the appliance. You should use this method for shutting down the appliance rather than the UNIX shutdown -h command, since the shutdown command does not remove power to the appliance hardware.

Certain types of configuration changes require a reboot. For example, changes to network settings or cluster configurations require that system boot using the new settings. If making many configuration changes, it may be more convenient to reboot only after all changes have been made, rather than after every change that requires a reboot. You can use the Reboot menu item to reboot the system at your convenience.

Rebooting the Appliance

To reboot the ACE Web Application Firewall or Manager appliance:

Step 1 Choose the Shutdown/Reboot item from the Main Menu.

Step 2 In the Shutdown/Reboot screen, choose the Reboot item.

The appliance prompts you to confirm your choice.

Step 3 Confirm the reboot by selecting Yes from the confirmation screen. To exit this screen without rebooting, choose the No item from the confirmation screen.


Step 4 Choose the Return to Main Menu item to exit the page.

Shutting Down the Appliance

Take the following steps to shut down an ACE Web Application Firewall or Manager safely:

Step 1 Choose the Shutdown/Reboot item from the Main Menu.

The Shutdown/Reboot screen appears.

Step 2 Choose the Shutdown item from the Shutdown/Reboot screen.

The appliance prompts you to confirm your choice.

Step 3 Confirm the shutdown by choosing Yes from the confirmation screen. The appliance shuts down all processes and powers off.

To exit this screen without shutting down, choose No. The appliance returns to the Shutdown/Reboot screen.

Configuring the Product License

To be fully operable, the ACE Web Application Firewall and Manager must be configured with a valid license. A unique, host-specific license is required for each Manager and Firewall in your system.

A license is bound to a particular appliance by its hardware-specific host identifier. To obtain a license for an appliance, submit the appliance's host ID along with your product authorization key (PAK) in the Cisco online license registration form. The PAK is indicated in the materials included with your ACE Web Application Firewall delivery.

The general steps for configuring appliance licenses are:

1. Get the host ID for the appliance.

The host IDs (license identifiers) of the Manager and of the Firewalls in its control are shown in the License Management page of the Manager web console.

Note This section describes how to discover a host ID and apply a license to an appliance in the web console. However, complete information on using the web console is beyond the scope of this document. For more information on using the web console, see the Cisco ACE Web Application Firewall User Guide.

2. Use your product authorization key (PAK) and the appliance’s host ID to complete the Cisco product license registration form at the following address:

www.cisco.com/go/license

You should have a product authorization key for each appliance in your order. After you complete the registration, the license file will be sent to you by email.

3. Once you receive the license file by email, install the license key in the License Management page by copying the license text from the license file into the License field for the appliance.


The web console for an unlicensed Manager has limited navigability—only the License Management page is accessible. Accordingly, if you are installing a new Manager with one or more separate Firewalls, licensing is a two-step process. First, you need to request and configure the Manager license. Once the Manager is licensed, you can use the Cluster Management pages in the console to add Firewalls to the administrative control of the Manager. The Manager can then display the host IDs of the Firewalls, which you can use to get licenses for the Firewalls. If the Manager is licensed but one of its managed Firewalls is not, you can develop a policy in the web console, but the Manager will be unable to deploy the policy to that Firewall until it is licensed.

There are two types of licenses, one for the Manager and one for the Firewall. Which type you need for a particular appliance depends upon its operating mode:

• In standalone mode, you will need to configure two licenses for the appliance, one for Manager operability and one for Firewall operability. You should have a PAK for each of the operating modes.

• In Manager-only mode, a single Manager license is required.

• In gateway-only mode, a single Firewall license is required. (The license for a Firewall is configured from the web console of the Manager that administers it.)

To acquire a license and apply it in the Manager web console:

Step 1 Retrieve the host ID of the appliance that needs to be licensed as follows:

a. Access the Manager web console from a web browser. The address of the web console is:

https://<managerhostname>:8243

b. You may receive a security alert regarding the certificate used by the Manager. For now, click Yes to accept the certificate. The login page appears.

c. The first time you access the console, you can use the built-in user administrator with the password swordfish.

Note For information on accessing and navigating the Manager web console, see the Cisco ACE Web Application Firewall User Guide.

d. In the Manager web console, click the License Management link. The License Management link appears in the navigation menu under the Administration group or in the License Error page if the Manager is unlicensed.

e. Locate the machine identifier for the unlicensed appliance, indicated by a value of “no license specified” or “invalid” in the License Status column of the License Management table. Note the following points regarding host IDs:

• For a standalone appliance, the host ID appears twice, once for Manager operation and once for gateway operation. However, note that the values are identical.

• Only host IDs of Firewalls that have been added to a cluster managed by this ACE Web Application Firewall Manager appear on the License Management page. Notice that licensing is configurable for Firewalls across all clusters in the Manager web console, without having to change the cluster context in the web console. For more information on adding Firewalls to a managed cluster, see the Cisco ACE Web Application Firewall User Guide.

f. Copy or note down the identifier for any unlicensed appliance from the Host ID column of the License Management table.

Step 2 Go to the Cisco Product License Registration page at:

http://www.cisco.com/go/license


Follow the instructions on the registration pages to submit the license registration. Enter your Product Authorization Key (PAK) and the host ID of the appliance as directed. When finished, a license file is generated and sent as an email attachment to the address you indicated in the form.

Step 3 When you receive the license file, copy the contents of the file and return to the License Management page of the web console.

Step 4 Click the edit link next to the appliance for which the license was issued.

Note For a standalone appliance, be sure to choose the edit link for the Manager to apply the Manager license, and the edit link for the Firewall to apply the Firewall license. A Firewall license cannot be used in the Manager license field, and vice versa.

Step 5 Paste the text of the license into the License field and click Save Changes.

Step 6 In the License Management page, verify that “valid” now appears next to the appliance.

Repeat these steps for each ACE Web Application Firewall that requires a license. If you’ve just licensed the Manager, you can now access the Cluster Management pages to add Firewalls to the Manager’s control. Once the Firewall is added, its host ID is available on the License Management page.

Next Steps

After you've completed the steps in this chapter, your appliance is functional in a basic configuration as a manager, gateway, or standalone appliance. The remaining chapters of this book contain procedures for enabling additional features, such as hardware-based keystores, SSL engines, and SNMP.

To configure traffic handling at the Firewall, you can now log into the Manager web console, as described in the Cisco ACE Web Application Firewall User Guide, to develop the policy.
