The CLI and the .vantronix Firewall Manager GUI
.vantronix provides powerful user interfaces for configuration, debugging and monitoring of the .vantronix security appliances. The .vantronix CLI is an enterprise-style command line interface for configuration, scripting and automation on the console and the .vantronix Firewall Manager is the new graphical user interface that is introduced with the .vantronix FW.47 release.

All configuration of .vantronix systems is based on the modular .vantronix command line interface (amCLI) - even the GUI is running CLI commands in the background. The CLI combines a style and feature set that is typical for networking appliances with innovations that are specific to .vantronix products. It includes a hierarchical command tree, a unified configuration and an integrated configuration versioning system. The CLI is powerful and supports scripting and automation in highly customized environments.

In addition to the specialized CLI, .vantronix allows access to a fully POSIX-compliant BSD/UNIX shell that is provided by the underlying OpenBSD operating system. Network enthusiasts and system administrators in UNIX environments can use the shell to work in a familiar way. The shell also provides additional scripting capabilities with custom shell or Perl scripts.

The POSIX Shell

A typical use case of the scripting and automation features is in environments with an automated deployment of packet filter rules, IP block lists or redirection entries. A centralized deployment server will use the industry-standard OpenSSH client with public-key based authentication to run commands on the .vantronix systems without any user interaction.

The Packet Filter supports various methods to simplify the typical task of automated deployments and to minimize the complexity of the ruleset. Large lists of IP addresses can be loaded into tables with up to millions of entries and referenced by single rules. Tables can be updated and modified at runtime without interruption and without reloading the ruleset itself. Subsets of the ruleset can be loaded into anchors and re-loaded into the main ruleset at runtime. Macros can pre-define common statements in the packet filter rules… The Packet Filter is highly flexible and scales to the largest networks.

For example, the centralized server can upload IP lists to /etc/blacklist.txt on the appliance, use the "ip pf table" commands or use anchors to load sub-rulesets at runtime without any firewall interruption.
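An added example (not .vantronix code) of the deployment-server side of this workflow: it vets a block list before uploading it to /etc/blacklist.txt and replacing a PF table at runtime. The table name "blacklist", the PROTECTED address list, the host name passed in, and the use of OpenBSD's pfctl from the appliance shell rather than the "ip pf table" CLI commands are assumptions.

```shell
# Added example. Assumptions (not from the page): table name "blacklist",
# the PROTECTED list, and pfctl(8) being usable from the OpenBSD shell.
PROTECTED=${PROTECTED:-192.0.2.10}   # constructed deployment-server address

# ip_to_int A.B.C.D: print the address as an integer; fail if malformed.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do   # no leading zeros (octal ambiguity), max 255
        case $o in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# check_entry ADDR[/LEN]: 1 = malformed or wider than /8, 2 = hits PROTECTED.
check_entry() {
    len=32; case $1 in */*) len=${1#*/} ;; esac
    case $len in ''|*[!0-9]*|0*|???*) return 1 ;; esac
    [ "$len" -ge 8 ] && [ "$len" -le 32 ] || return 1
    net=$(ip_to_int "${1%%/*}") || return 1
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    for p in $PROTECTED; do
        host=$(ip_to_int "$p") || return 1
        [ $(( net & mask )) -ne $(( host & mask )) ] || return 2
    done
}

# clean_blocklist FILE: print vetted entries; one bad line fails the whole
# list, so a truncated or poisoned feed is never loaded.
clean_blocklist() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$line" ] || continue
        check_entry "$line" || { echo "rejected: $line" >&2; return 1; }
        printf '%s\n' "$line"
    done < "$1"
}

# deploy_blocklist HOST FILE: upload the vetted list and replace the table
# at runtime (no ruleset reload). RUN=echo prints the commands instead.
deploy_blocklist() {
    tmp=$(mktemp) || return 1
    clean_blocklist "$2" > "$tmp" || { rm -f "$tmp"; return 1; }
    ${RUN:-} scp -q -o BatchMode=yes "$tmp" "$1:/etc/blacklist.txt" &&
    ${RUN:-} ssh -o BatchMode=yes "$1" pfctl -t blacklist -T replace -f /etc/blacklist.txt
    rc=$?; rm -f "$tmp"; return $rc
}
```

BatchMode makes scp and ssh fail instead of prompting, which matches the public-key, no-interaction setup described above.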

HP ProCurve Manager Plus (PCM+)
.vantronix provides support for SNMP, the Simple Network Management Protocol. This allows integration into Network Monitoring Systems (NMS) such as the HP ProCurve Manager (PCM+), the Network Node Manager or other solutions like Nagios. SNMP is disabled by default but can be enabled as a service on the CLI or GUI.

The new .vantronix Firewall Manager is a cross-browser graphical user interface that uses the latest HTML5 web technologies to provide a powerful GUI with a clean and structured design. It runs like a very dynamic native application and does not feel like a traditional click-and-wait web interface.

The Firewall Manager GUI

The .vantronix Firewall Manager works on touch screen interfaces and embedded systems like the Apple iPad or iPhone using the embedded version of the Safari browser. It also runs on various different browsers like Mozilla Firefox 3.6 or later, Safari 5, or Microsoft Internet Explorer 7, 8 or later. An optional Add-On for Firefox allows using the latest Firewall Manager version without updating anything on the appliance itself.

The modular .vantronix command line interface (amCLI) is the backend of the Firewall Manager - all GUI content is based on CLI commands that are exchanged with the appliance and rendered on the client. The benefits of this approach are that the GUI will not waste any precious resources on the appliance and lets it focus on networking duties and that the GUI does not conflict with the CLI.

"vantronix-mgmt" is the SSL-based application server running on TCP port 8034 (official IANA port number).

The Firewall Manager GUI also includes powerful monitoring and logging capabilities: system and inspection events can be displayed, searched, sorted and filtered in real time. It is also possible to define a large number of custom logging filters that can be saved on the client and reloaded at any time. All log events are saved in an internal high-performance logging database on the appliance that provides all the sorting and filtering capabilities; additional logging to BSD SysLog files and servers is also supported.

The inspection and system events can be filtered and sorted in real time.

The Firewall Manager supports various configuration and status pages for the different subsystems of the .vantronix appliance. The main concept of the GUI is that it does not 'bloat' the screen with many different icons: you can click or touch an item to get a context-specific dialog, or drag and drop rules to move them in the configuration.

The Packet Filter rule configuration.

Rules can be touched or clicked for additional actions.

The System Configuration Tree

The System Services

Network Interface Configuration

IPsec VPN, IKEv1 and IKEv2

The X.509 CA and Public Key Infrastructure (PKI)

The Relay and Load Balancer

The BGP Router

Packet Filter States (Stateful Packet Inspection)

The Web-based CLI

