The Technology
The Products
Press Room
Events & Awards
Purchase
Support

Home | Contact Us | About Us | Resellers | Downloads

Help

Support - Frequently Asked Questions

Something seems slow, odd or broken. How can I easily tell if the Ally is involved?
The Ally appliances have a "pass-through" mode where the device doesn't apply any of it's protection or anti-reconnaissance defenses. You can turn on and off pass-through mode by accessing the "General Filtering Options" management page.

Why do I have to occasionally set the time on the Ally ip100?

The Ally ip100 operates as an embedded device with no external or system clock available, so a power cycle will cause the device to lose its current time. However, it is designed to continue counting time and keeping track of events based on this internal clock. Upon re-assigning the time after a power-up, the unit will re-calculate the past 'unknown time' events and re-assign their values based on this internal count.

I cannot access the Ally ip100 management page(s). What could be the problem?

There are a few situations where it initially seems you cannot access the Ally ip100 from a web browser. Most of these are solved by merely waiting 30 seconds to two minutes and trying again. This delay occurs mostly due to a power cycle (losing power or rebooting the device). Also, deploying the Ally ip100 on the wrong side of an IPSec-based VPN device can cause this symptom. Merely re-locating the device should fix that problem. See below for more information about working with IPSec and VPNs.

After I reboot the Ally ip100, why must I wait to access the management pages?

The Ally ip100 uses an embedded micro-web server application to provide management access. In order to provide immediate security and rapid traffic processing as quickly as possible right after a reboot, the micro-web server service is started with a low priority and takes approximately 2 minutes before it is fully available.

When might I experience this management access delay?

You need to give the Ally ip100 sufficient time to complete its bootup, before accessing the management pages in the following scenerios:

  • After applying power to the Ally ip100
  • From the "reboot" management page. Upon selecting "reboot", you will see progress accuring within the browser window and then your session will be re-directed to the Login page. You may need to wait an additional 30 seconds or so before logging in. (The reboot progress shown on this page is a simulated time period and your actual time may vary.)
  • From the "Restore Factory Defaults" management page. You may need to wait 30 or so seconds after this process appears to complete.
  • From the "Firmware update" management page. You may need to wait 30 or so seconds after this process appears to complete.
  • From the "Save and Restore" configuration management page. You may need to wait 30 or so seconds after this process appears to complete.

Are there any other issues that can prevent access to the management pages? What about the use of IPSec, SSL or other VPNs?

There are no known issues with SSL VPNs and the location of the Ally appliance is not an issue.

If you will be locating the Ally ip100 within an IPSec encrypted tunnel, you will need to assign a static IP address to the device for management access.

Some further explanation may be useful:

IPSec encrypts traffic between two IPSec network VPN devices. If the Ally ip100 is installed between these two devices, it merely passes IPSec traffic across the device without inspecting it, as intended and designed in the IPSec protocol. It does apply protection to other non-IPSec encoded traffic. If the Ally ip100 is using 'stealth management mode' (default mode), it must be able to see and resolve DNS traffic in order to capture and assign itself an appropriate IP address during management access. If the DNS server is only reachable via an IPSec tunnel, the Ally ip100 cannot be located between the IPSec encrypting devices. You can either relocate the Ally ip100 to be the first or last device sitting just before or after the IPSec encrypting device. Or, you can set a static assigned IP address to the Ally ip100 and access the management pages by keying in:  http://X.X.X.X, replacing the X's with the appropriate static address.

There are no know issues with other VPN protocol at this time. However, if the VPN technology encrypts both the payload AND the headers, the location of the Ally appliance should be just before or after one of those endpoints to provide maximum protection benefits as discussed in the IPSec section above.

I can't tell if I successfully changed the password. Did it work?

The current version of the management console does not provide feedback upon successfully changing the adminisitrator's password. Logging out and logging back in will verify the password was successfully changed.

Why am I automatically logged off of the management pages periodically? Can this be turned off? Can the time be changed?

Overall, allowing multiple administrators to access a network security device from the same network segment that the device is protecting can be a security issue. It is important, both for security reasons, and for multi-administration access, that a user not tie up the management access by leaving a session logged in and inactive for long time periods. Therefore administrative logins have a 3 minute inactive logout setting that cannot be changed.

Why don't I don't see any events show up on the Event log management page?

You will need to wait a few seconds after accessing the event log page, before you will see actual events displayed in that field. This delay may occur because the page only displays the most recent 100 events. This information is pulled from the event log, which can contain thousands of events and therefore may take a few seconds before the most recent 100 events are displayed.

Can the event log management page refresh automatically?

The event log management page does not refresh automatically by design. You must manually refresh the event page, so that items you are currently reading do not seem to change or disappear.

Why can't I make changes on the notification page? Why does it take time to display? Why do some items appear to suddenly change by itself?

The notification management page is populated by pulling information from a range of services, such as the registry. Due to delays in gathering the appropriate information from these services, it can take up to 15 seconds before all of the items are populated and shown on the page. Some of these items are related to each other. This means that you may make one change, which will flip or change another item. Changes occur immediately, without requiring an "apply" process. However, you should wait 1-3 seconds after making a change to allow the device to 'show' that another option has therefore been changed accordingly. This delay may seem as if an item changed itself a few seconds after making the intended change.

Why doesn't my syslog or SNMP server recieve the events from my Ally ip100?

By default, the Ally security appliance only forwards events to syslog or SNMP servers that are located on the LAN, or 'protected' side of the appliance. It will not send events out the WAN, or 'outside' side. If you need to change this default, please contact Arxceo support during regular business hours. You will either be instructed to set a static IP address on the Ally ip100 or physically 'flip' the unit 180 degrees, though various configuration settings will also likely need to be adjusted for best security practices to be in place.

Are there any configuration changes required? What about switches that provide "spanning tree" or "portfast" functionality?

Yes, There  are some switches that do require a minor configuration change if the Ally appliance will be installed directly off a port on that switch . For switches that provide "spanning tree" functionality, such as a Cisco switch that has enabled the "portfast" option (providing spanning tree capability for that port),  you need to disable the "portfast" option. A s defined by Cisco's catalyst documentation you must disable the "portfast" option  for any network device that operates as a "Layer 2 Bridge". T he Ally appliances  operate fundamentally as layer 2 bridge devices.

My Switch is set to Autonegotiate speed and duplex. Should I change this default if installing an Ally ip100 off one of those ports?

The Ally ip100  has seen a few performance issues with certain switches in the field, due to a state sometimes called "flapping". The Ally ip100 only runs in full duplex, 100Mb/s (Fast Ethernet) mode. However, it may not properly  autonegotiate 100Mb/s full duplex with some networking devices, such as  several Cisco switches and PIX firewalls. For these devices, you may need to configure them to use 100Mb/s full duplex  ONLY  for the port that is assigned to the Ally appliance (instead of using "autonegotiate") .  For one particular situation, we created a custom image that has patched this issue which we can provide, but it has not been through our complete QA testing. This issue will be resolved with the release of Version 3 of Arxceo's Tag-UR-IT security engine. Please contact support@arxceo.com if you need assistance with this configuration change.

 

Latest News!

Attacks using Evasion Technique Highlights Problems with Signature-Based IPS

Arxceo Announces License Program and Ally Binary Engine Development Kit to Enable Anti-reconnaissance Defense for Network and Mobile Devices

Arxceo® Launches Ally™ Channel Program to Provide VARs with Revenue and Business Growth Opportunities in Security Market

Communication News writes about Arxceo's security appliance reducing workload

Arxceo Co-Founder to Bring Expertise in Anti-Reconnaissance Network Security Technologies to SecureWorld Multi-City Regional Expo

Arxceo’s Anti-Reconnaissance Security Appliance Turns the Table on Cyber Specialists at Engineering Conference

 

Copyright 2003 - 2007 Arxceo Corporation. All Rights Reserved.  Trademarks  Privacy Statement   Site Map