Configuring a detection server for an Endace card
After installing DLP as a Network Detection server there are additional configuration options that must be done both on the detection server and within the Enforce UI.
Installing the Endace card on the detection server
The first problem to be aware of is to make sure the Endace drivers and software is installed in a folder that has no spaces, c:\endace instead of the default: c:\program files\endace
From the Enforce server copy the dagextraconfig.bat from c:\vontu\protect\bin to c:\endace\dag-3.3.1\bin. Do not worry that this bat file is commented out, an error will be generated if this file is missing
Change the boot.ini to enable the /3GB switch
If you are running Windows Server 32-bit on the detection side the 3GB switch needs to be enabled in the boot.ini file. The following steps need to be done:
- Change the attributes on the file from the command type: attrib.exe –s –h –r c:\boot.ini
- Open the boot.ini in notepad
- Copy the line that reads like: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Enterprise" /fastdetect /noexecute=alwaysoff
- At the end of the line add /3GB /userva=3030 so it will look like this: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Enterprise" /fastdetect /noexecute=alwaysoff /3GB /userva=3030
- Restart the detection server
Once the span port is connected to the Endace card traffic can be verified by opening a command line, navigating to the c:\Endace\dag-3.3.1\bin directory and type: dagsnap –d0 –v –o tracefile, traffic should be displayed in the window.
Changing settings on the Enforce UI
The following settings need to be changed within the Enforce UI in order for Network Monitor to work correctly with an Endace card.
In the UI for Enforce navigate to System -> Overview and then select the correct detection server. Click on the Server Settings button and make changes to the following items::
- PacketCapture.IS_ENDACE_ENABLED from false to true
- PacketCapture.ENDACE_BIN_PATH to the location you installed the software to (c:\endace\dag-3.3.2\bin)
- PacketCapture.ENDACE_LIB_PATH to the location you installed the software to (c:\endace\dag-3.3.2\lib)
- PacketCapture.ENDACE_XILINX_PATH to the location you installed the software to (c:\endace\dag-3.3.2\xilinx)
After making the above changes, restart the Vontu services on each detection server using an Endace card. Once the services are back from restarting, select Configure, dag0 should be then select the Endace card