Module 5: Introducing NetXplorer

Introducing NetXplorer
ACTE Training (Enterprise Track)

ACTE (Enterprise Track) 1

Module 5: Introducing NetXplorer

• What is NetXplorer?

• Installing the Client

• Getting Started with NX GUI

In this module, we introduce the NetXplorer. By the end of the module, you will know
how to install and get started with the GUI and how to perform the initial
configuration. We finish with some examples of a typical NetXplorer workflow. We
begin by asking what is NetXplorer?

ACTE (Enterprise Track) 2

Module 5: Introducing NetXplorer

What is NetXplorer?

Management Umbrella for Allot Service Gateways and Services

• Service Gateway configuration

• Policy provisioning capabilities
• Management of traffic and system alerts
• Accounting information collection and
export for billing purposes

NetXplorer is a scalable central management umbrella for Allot platforms and

services.
Using the NetXplorer, you can configure Allot’s SG, SMP and ClearSee products, build
traffic policies for the Service Gateways to enforce and perform troubleshooting and
problem analysis for your network.
NetXplorer enables you to define and manage traffic and system alerts to assure a
proactive approach to network management. You can also use it to collect accounting
information which can then be exported for billing purposes.
Note that the NetXplorer’s accounting interface is not within the scope of this course.

ACTE (Enterprise Track) 3

Module 5: Introducing NetXplorer

• What is NetXplorer?

• Installing the Client

• Getting Started with NX GUI

NetXplorer consists of a server and client. Let’s now see how to install the NetXplorer
client.

ACTE (Enterprise Track) 4

Module 5: Introducing NetXplorer

NX Client Installation Process

http://<NetXplorer_IP>

• Installation process:

Install Java JRE

Launch NetXplorer

The NetXplorer Client installation comprises of two steps:

1. Installing the Java runtime environment
2. Installing the NetXplorer applet
The installation starts at the NetXplorer home page. From your browser, access
http://<your_NetXplorer_address>.
The NetXplorer Control panel is displayed.
Click the “Install Java JRE first” link, to start the first step of installation.

ACTE (Enterprise Track) 5

Module 5: Introducing NetXplorer

NX Client Installation
1. Open your Internet
browser, and access
http://<<NX-addr>>

2. Click the “Install Java JRE

First” link. Choose the
“Microsoft Windows” or
Other Users option,
according to your Client
machine parameters.

3. OpenJDK.msi file will be

downloaded.

To install Java JRE, open your Internet browser, and access http://<<NX-addr>>. In the
pop-up window, click the “Install Java JRE First” link.
Choose the “Microsoft Windows” or Other Users option, according to your Client
machine parameters. OpenJDK.msi file will be downloaded.

ACTE (Enterprise Track) 6

Module 5: Introducing NetXplorer

NX Client Installation (2)

4. On AdoptOpenJDK setup
wizard click on Next

5. Accept the License

agreement when prompted

6. On the Custom Setup

window select
“IcedTea-Web” Associate.jnlp
option

7. Proceed with the installation

OpenJDK Package setup wizard will open. Click next and Accept the License
agreement when prompted.
On the Custom Setup window select “IcedTea-Web” Associated.jnlp option and
proceed with the installation.

ACTE (Enterprise Track) 7

Module 5: Introducing NetXplorer

NX Client Installation (3)

8. With OpenJDK installed, access
http://<your_NX_address>
once again

9. Choose “Launch NetXplorer” option

10. netxplorer.jnlp file will be

downloaded.

11. Run the netxplorer.jnlp file to

log on to NetXplorer application.

When the installation is complete, an icon

that launches the NetXplorer user
interface appears on your desktop.

With OpenJDK installed, access http://<your_NX_address> once again.

Now choose to Launch NetXplorer. “netxplorer.jnlp” file will be downloaded. Click on
it and accept the security warning question.
You will be prompted to log into the NetXplorer user interface.
When the installation is complete, an icon that launches the NetXplorer user
interface appears on your desktop.
The default username is “admin”; The default password is “allot”

ACTE (Enterprise Track) 8

Module 5: Introducing NetXplorer

NX GUI Installation: Basic Troubleshooting

What should you do if GUI fails to load?

• Disable pop-up blocking for NetXplorer

• Disable “Empty temporary internet files
folder when browser closed” security option
• Delete all offline content
• Check that relevant firewall ports are open
• Try to use a different browser

More details in Advanced ACPP Course

In the event that the NetXplorer GUI fails to load, consider the following actions:
1. Disable pop-up blocking for NetXplorer.
2. For Internet Explorer users, disable 'Empty Temporary Internet Files folder when
browser closed'
a) From the Tools menu, select Internet Options.
b) Select the Advanced Tab and Scroll down to Security
c) Clear the Empty Temporary Internet Files folder when browser closed
checkbox.
d) Click OK, and attempt to access the NX through the browser.
3. Make sure the browser cache file is not saturated:
a) From the Internet Explorer tools menu, select Internet Options.
b) On the General tab, click Delete Files.
c) Select the Delete all offline content checkbox and click OK.
4. If there is a firewall between the GUI Client and the NetXplorer Server, check that all
required ports are opened. A detailed list is available on the Allot Knowledge Base in
the Technical Note: ATN 1811.
5. If the problem persists, try to access the NetXplorer via the Java Web Start
Application Manager. Note that a full treatment of how to troubleshoot problems
loading the NX GUI is included in the ACPP Advanced Course.

ACTE (Enterprise Track) 9

Module 5: Introducing NetXplorer

• What is NetXplorer?

• Installing the Client

• Getting Started with NX GUI

10

Now that the client has been installed, we will now see how to get started working
with the NetXplorer User Interface.

ACTE (Enterprise Track) 10

Module 5: Introducing NetXplorer

Main Screen Areas

Details area

Menu bar

Toolbar

Navigation Pane

Alerts Log

11

The NetXplorer user interface is comprised of the following sections:

The Menu bar. This provides access to the key functionality of the NetXplorer
applications.
The Toolbar. This offers shortcut buttons which provide easy access to key NetXplorer
functionality. The available shortcuts on the right side of the window depend on the
selected entity in the details area.
The Navigation pane. This is divided into two sections. The lower portion of the
Navigation pane enables you to select and open various NetXplorer applications. The
upper portion of the pane displays a tree-like list of subcomponents or entries
according to the application selected.
The Application Details pane. This displays data regarding the currently active
applications and operations.
Finally, the Alarms log displays a list of the alarms triggered by the alarm definitions.
The Alarms log is automatically refreshed every 30 seconds.

ACTE (Enterprise Track) 11

Module 5: Introducing NetXplorer

Typical Workflow

1. Select a view - the navigation

pane changes accordingly 3
2
2. Click or perform an action on
an entity

3. Details are displayed in the

details area
1

Can navigate to details area

previously opened
12

When performing any task in the NetXplorer, you will normally work in the following
order of steps:
1. From the lower part of the navigation pane, select the area of the product you
wish to work with – e.g: Network, Catalogs, Events/Alarms etc. The upper part
of the navigation pane will change accordingly.
2. Click the entity you wish to work with from the upper part of the navigation
pane. You can now select an action to perform on the selected entity.
3. The details area changes to reflect the selected entity and the action performed
on it.
A tab is displayed at the bottom of the pane for each open application. You can easily
navigate between the open applications by clicking the tabs.

ACTE (Enterprise Track) 12

Module 5: Introducing NetXplorer

Registering the NetXplorer

Tools →
NetXplorer Application NX Licensing
Server Registration Key

Supported
Features 13

In order to use the NetXplorer you must enable the NetXplorer Server by entering the
appropriate key.
To enable the NetXplorer Server, select Tools > NetXplorer Application Server
Registration from the NetXplorer Menu bar. The NetXplorer Application Server
Registration dialog box appears. Enter the Server Registration Key and Serial Number
provided by Allot to enable the NetXplorer Server functionality.
An Expiration Date will be generated automatically after clicking Save.
Note that an expiry date will appear even when you have purchased a permanent key.
This reflects the expiry of the service contract and is relevant for the APU feature
only, which will cease to work once the service contract has expired.
Click Save to enter the key and close the dialog box.

ACTE (Enterprise Track) 13

Module 5: Introducing NetXplorer

Managing the Network

• NX can manage several AOS and

Management platforms. 2

• To manage the Network:

1. Select a ‘Network’ view on the
bottom of the navigation pane
2. Right Click on the ‘Network’
button on the top of the 1
Navigation pane

14

NX can manage several AOS and Management platforms.

To manage the Network: Select a ‘Network’ view on the bottom of the navigation
pane. Right Click on the ‘Network’ button on the top of the Navigation pane.

ACTE (Enterprise Track) 14

Module 5: Introducing NetXplorer

Network Management Options

There are many possibilities of Network Management:

1. Add New Allot Device Under Network:
• Service Gateway • Service Gateway
• SMP
• Data Mediator Add new Allot
• ClearSee Device
Under Servers:
2. View Network reports • SMP
• Data Mediator
3. Network Configuration • ClearSee Servers

4. and much more… View Network

Reports

• The Service Gateways are located

under the ‘Network’ root tree.
Network
• All other type of Allot Servers’ (DM, SMP,…) Configuration
are located under ‘Servers’ root tree.
15

Right clicking on “network” will make several options available for managing the
network.
In the first section, you can add new Allot platforms to the NetXplorer tree for
management. These include:
• NetEnforcer: (collective name for the SG, SSG and the virtualized SG included in
the ACG)
• SMP (included in the Gateway Manager)
• DM (included in the Gateway Manager and the ACG)
• ClearSee (included in the Gateway Manager)
In the second section you can view long-term or real time network reports if you have
chosen to activate NetXplorer reporting.
There is also a section for “Network Configuration” where you can configure
asymmetry and other network options.

You will see that there are two root trees in the network pane – the Network tree and
the Servers tree. Under the network tree we add the Service Gateways that are to be
managed by the NetXplorer. Under the Servers tree we can add SMP, Data Mediator
and ClearSee servers.

ACTE (Enterprise Track) 15

Module 5: Introducing NetXplorer

Adding Allot Servers To The NX

• To add SG to NX:
Add Service
1. Right-click the Network and Gateway
select New NetEnforcer SG Name
and Password
2. Enter the Name and Password
for the SG (default: allot)

3. Provide SG IP Address
(IPv4 or IPv6 format)

SG IP Address

• For secure mode operation between NX and SG

please refer to ATN 2005 – Security Hardening. 16

To add a Service Gateway to the Network tree, we will first of all need its IP address.
1. In the Navigation pane, right-click the Network in the Navigation tree and select
New NetEnforcer from the popup menu. The NetEnforcer Properties dialog is
displayed.
2. Enter a name for the Service Gateway. This is the name that will appear in the
Network tree. Now enter the admin user password of the Service Gateway (The
default password for the admin user is allot. It is possible to change this default
password using a script on the SG) and the IP address of the SG in the designated
fields and click OK.
The SG is added to the Navigation tree. The New NetEnforcer operation can take up
to a couple of minutes to fully complete.

For secure mode operation between NX and SG please refer to ATN 2005 – Security
Hardening.

ACTE (Enterprise Track) 16

Module 5: Introducing NetXplorer

Managing the Service Gateway

• To manage the Service Gateway:

1. Select the Service Gateway that you
want to manage and right click on it
2. Choose the ‘Configuration’ option

SG Status

17

Once you have added a Service Gateway, you can view and modify its configuration
parameters remotely via the NX. To view configuration and configure SG:
In the Navigation pane, select and right-click the SG in the network tree and select
Configuration from the popup menu. The Configuration window for the selected
entity is displayed.
After modifying configuration parameters, you must select Save in order for the
changes to take effect. The save process prompts a reset of the device. Resetting is
required to ensure that the saved parameter values are committed and activated on
the SG.

ACTE (Enterprise Track) 17

Module 5: Introducing NetXplorer

SG Configuration: General Tab

Right Click on SG →
Configuration →
General Tab →

SG Status

Is SG Active?

18

The General tab includes parameters that provide system status information. Status
indicates whether or not the SG is operating in Active or in Bypass mode. Bypass
Setting indicates whether the bypass is set to standalone or active (where relevant),
or if it is not connected at all. Remote Bypass was relevant for a type of redundancy
(parallel redundancy) which is not longer supported on AOS platforms.

ACTE (Enterprise Track) 18

Module 5: Introducing NetXplorer

Registering the SG: Identification & Key Tab

Licensing
Right Click on SG →
Key
Configuration →
Identification & Key Tab

Supported
Features

SG Version
19

The Identification & Key tab includes parameters that provide system information
and activate optional SG modules. Scroll down here to show all of the configured
license fields. Note that there is no need to reboot the SG when you add a new key.
For some licensed attributes, you can see here the current used value and the highest
value during the last seven days.

ACTE (Enterprise Track) 19

Module 5: Introducing NetXplorer

SG Configuration: Interface Tab

Port Usage: (Network by default)
• External Switched redirection
• External Direct Redirection
• Asymmetry
• LAG Member

Action on Failure:
If one port is down
• No action: do nothing
• Fail Paired port: paired port
goes down too
• Fail all ports: all ports go down
• Bypass device

20

The Date/Time tab includes the date, time and NTP (Network Time Protocol) server
settings for the Service Gateway. When adding a device the primary NTP is set as the
NetXplorer Server IP. The user may change the NTP server only using CLI commands
on the SG.

ACTE (Enterprise Track) 20

Module 5: Introducing NetXplorer

SG Configuration: Networking Tab

In Networking Tab you can enable/disable:

• Bypass Unit
• HTTP User Defined Signatures
• Predictive DPI used in steering
• Tethering condition catalogs

21

The networking tab includes parameters that help you configure the network
topology.
When using active redundancy configuration, you need to disable the Bypass unit.
This tab is also the place to set the redundancy mode in which you are working.
These issues were explained fully in Appendix – Advanced Service Gateway
Configurations.
The networking tab is also the place to enable “HTTP User Defined Signatures” (more
information in next modules).

ACTE (Enterprise Track) 21

Module 5: Introducing NetXplorer

SG Configuration: IP Properties Tab

In the IP Properties Tab you can modify:

• Host Name
• DNS server

22

The IP Properties tab enables you to modify the IP and host name configuration of
your network interfaces, as well as the DNS server parameters.

ACTE (Enterprise Track) 22

Module 5: Introducing NetXplorer

SG Configuration: Date/Time Tab

In the Date/Time Tab you can modify:

• NTP Server

NetXplorer Secondary
• NetXplorer should be defined as a Server NTP Server
default primary NTP Server for SG.
Default Configure
• Changing NTP settings (primary or via CLI
adding secondary server) can be done
only by using CLI commands on the SG.

23

The Date/Time tab includes the date, time and NTP (Network Time Protocol) server
settings for the Service Gateway. When adding a device the primary NTP is set as the
NetXplorer Server IP. The user may change the NTP server only using CLI commands
on the SG.

ACTE (Enterprise Track) 23

Module 5: Introducing NetXplorer

Users Configuration
User Name
& Password

Role

Add User

24

In order to log in to the NetXplorer GUI, User name and password must be
authenticated. User accounts may be configured to be authenticated either by the
internal NetXplorer user database or by an external RADIUS AAA system.
NetXplorer implements a role-based security model. The role defined for each
authorized user indicates the scope of operations that can be performed by the user.
Roles can only be defined by an administrator. The administrator should access the
Users Configuration Editor dialog from the ‘Tools’ menu.
From here you can add a new user, provide its password and role.
There are four types of NetXplorer roles:
Monitor: A user assigned this role has read-only access. The Monitor user can view
monitoring reports, graphs and alarms. However, the monitor cannot add, change or
delete anything within the NetXplorer application.
Regular: The Regular user has complete read and write privileges in the NetXplorer
application, except reading and writing User Configuration definitions.
Administrator: Same as Regular user, except that an Administrator user has reading
and writing privileges for User Configuration. A user that has been assigned the
Administrator role can configure new users, edit user details, or delete users. Note:
there must be at least one Administrator user in the system.
DPO (Data Protection Officer): DPO user is required for enabling the GDPR
requirement of Individual Rights.

ACTE (Enterprise Track) 24

Module 5: Introducing NetXplorer

Advanced Users Configuration

Password
Management

Password
strength

Advanced
Options

25

By choosing “advanced” from the user configuration editor, you can configure
password stringency options, such as password strength and how often a password
must be changed.
There is also a possibility to demand a password change at first login, to increase
security and prevent working with a default password.

ACTE (Enterprise Track) 25

Module 5: Introducing NetXplorer

External Authentication Configuration

Add Server
(LDAP/RADIUS)

Protocol
Configuration

26

External Authentication enables authentication of all users logging into NetXplorer by

integration with an external RADIUS AAA Server. Authentication verifies the existence
of a user and validates their request.
A RADIUS Server being used for authentication must be configured to enable the
NetXplorer to forward authentication requests to it, and should contain all required
users in its database, along with their passwords and roles. Multiple RADIUS servers
may be used for authentication.
In case the external AAA Server rejects an authentication request for any reason, the
user will be authenticated using the NetXplorer Server Internal database.
All authentication attempts are written to the ExtAuth.log on the NetXplorer server.
In the External Authentication area, select the Enable External Authentication
checkbox. Enter the Client Identifier information as well as the Request Timeout (how
long before an unanswered request will time out) and The Request Retries (how
many times a request will be attempted).
Click Add to add RADIUS, TACACS+ or LDAP servers to the authentication lists.

ACTE (Enterprise Track) 26

Module 5: Introducing NetXplorer

Review Question

You want to add the following Allot Platforms to the NX

GUI. Under which section will they be added?

Network Servers

SG-9100 SG-VE SMP DM SSG-600 CS NX

27

You wish to add the following Allot Platforms to the NX GUI. Under which section will
they be added?
Answers:
• All AOS platforms should be added under “Network”: SG-9100, SG-VE, SSG-600
• All Management platforms should be added under “Servers”: SMP, DM, CS
• NX is the management platform itself, so it would not be added anywhere.

ACTE (Enterprise Track) 27

Module 5: Introducing NetXplorer

Review Question

Which of the tasks listed on the right can be

performed by which user types?

Disable Bypass
General Tab
Unit

Port Usage Interface Tab

System Status Identification & Key Tab

Supported
Networking Tab
Features

28

You wish to add the following Allot Platforms to the NX GUI. Under which section will
they be added?
Answer:
• SG status can be seen on “General” tab (Active/Bypass).
• Ports usage and action on failure is configured on “Interface” tab.
• SG license defines all supported features, and they can be viewed on Identification
& Key tab.
• Enabling/Disabling of Bypass unit is done on the Networking Tab.

ACTE (Enterprise Track) 28

Module 5: Introducing NetXplorer

Review Question

Which of the tasks listed on the right can be

performed by which user types?

Regular Add a new Virtual Channel

Set up a new user with

Administrator
monitor privileges

View most active

Monitor protocols currently
running on the network

29

Which of the tasks listed on the right can be performed by which user types?
Answer:
• Administrator privileges allow all actions: Set up a new user with specific access,
changing the Policy Table and to monitor the network activity.
• Regular privileges allow everything except definitions of users (for new or existing
users).
• Monitor privileges does not allow monitor only, with no policy table changes or
catalogs creation.

ACTE (Enterprise Track) 29

Module 5: Introducing NetXplorer

Exercise

Introducing NetXplorer
5.1 Installing NetXplorer Client

5.2 SG Configuration using NX GUI

5.3 Creating Catalogs

5.4 NetXplorer Users

5.5 Adding Service Gateway to the NetXplorer

5.6 NetXplorer Alarms

30

ACTE (Enterprise Track) 30

Module 5: Introducing NetXplorer

31

ACTE (Enterprise Track) 31