Updated: Dec 25th, 2015
First Posted: Dec 25th, 2015

ET/AutoMgr

The ET/AutoMgr is an application that can automatically create rules based on events that occur on your network. Examples of what the AutoMgr can do:

1) Set Firewall Block rules based on the country, domain or organization associated with a detected IP address.
2) Set Tags based on country, domain or organization that can be used in tests for rules. An example would be tagging addresses as coming from a particular country; you can then control all of those addresses with a single rule.
3) Set bandwidth limits for detected hosts based on their activity on your network. For example, if someone is detected using more than 2 Mb/s, you can create a limit rule to limit the host.
4) Set longer limits than the bandwidth manager can manage. For example, suppose you have a group of rules. The AutoMgr can monitor the rules and change the limits based on longer term usage. So if a rule is using 5Mb/s for more than 10 minutes, you can set the limit to a lower level. This implements longer term "bursting" than the standard Bandwidth manager allows.

Managing Traffic From Different Countries

Blocking traffic from China and Russia will save you a world of worry about the constant hacking attempts and probes. Rather than setting rules for thousands of IP blocks, the AutoMgr can detect traffic as it arrives and set a block. These tell the AutoMgr to set block rules in section Blocks, and to set each IP detected from Russia to a tag. The tag can be used in a firewall or bandwidth rule to manage all traffic from Russia. This single firewall rule will block all traffic from Russia.

Managing Domains

The ET/BWMGR's internal DNS manager and location database allow the AutoMgr to decode IP addresses as they are encountered and check them against criteria. Large entities have many IP addresses and the DB isn't 100% accurate, so using a combination of sources is a better way to catch as much as possible. Take the following rule:

This rule will tag all IPs that either:

1) Are marked in the database as belonging to Facebook
2) Have a reverse DNS name that contains Facebook

While this may seem trivial, it's really extremely powerful when dealing with abusive organizations, crawlers and scrapers.

Managing Traffic

The most powerful capability of the AutoMgr is the ability to do long term download management. Typically, you want to allow customers to download at high speed for a reasonable amount of time. The standard bwmgr allows you to control the duration of a single burst level, but when you want to tier downloads, it cannot do that alone. The AutoMgr provides that capability. Suppose that you wanted to allow the following:

1) Allow 3Mb/s bandwidth usage for up to 1 minute
2) After 1 minute, the allowable download shall be 2Mb/s
3) After 5 minutes, the allowable download shall be 1Mb/s
4) Once usage has diminished, restore the default bandwidth limits

Things like this can be achieved with the AutoMgr. This rule monitors a Group named customers (this can also be a section). We check each rule periodically to see the usage rate for the last minute. If usage is over 3Mb/s for 1 minute, we set the bandwidth limit to 2Mb/s. If greater than 1.9 is maintained for 5 minutes, bandwidth is kicked down to 1Mb/s. The final rule resets the rules to default any time usage is < 512K for any 5 minute period.

It's important to understand that policies are processed in order, and once a rule matches, other policies will not be matched. So, for example, if a rule is > 3Mb/s in the last 1 minute, it will not check 2, 3 or 4. So it's important to order your policies correctly.
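The first-match ordering described above can be modelled in a few lines. The following Python sketch is an added example, not AutoMgr configuration syntax or ET/BWMGR code. It assumes one usage sample per minute, treats "maintained for N minutes" as every sample in the window passing the test, and uses hypothetical names (Policy, first_match, run) and constructed sample rates.

```python
from dataclasses import dataclass
from typing import Callable, Optional

DEFAULT = None  # sentinel meaning "restore the default bandwidth limits"

@dataclass(frozen=True)
class Policy:
    window_min: int                # minutes the test must hold for
    test: Callable[[float], bool]  # applied to each per-minute rate (Mb/s)
    limit_mbps: Optional[float]    # limit to set; DEFAULT restores defaults

def first_match(policies, rates):
    """Return the first policy whose test held for its whole window, else None."""
    for p in policies:
        window = rates[-p.window_min:]
        if len(window) == p.window_min and all(p.test(r) for r in window):
            return p  # first match wins; later policies are not checked
    return None

def run(policies, rates, start_limit=DEFAULT):
    """Replay per-minute rates; return the limit in force after each minute."""
    limit, history = start_limit, []
    for minute in range(1, len(rates) + 1):
        hit = first_match(policies, rates[:minute])
        if hit is not None:
            limit = hit.limit_mbps
        history.append(limit)
    return history

# The three checks the text describes, in the order the text gives them.
PAGE_ORDER = [
    Policy(1, lambda r: r > 3.0, 2.0),        # over 3Mb/s for 1 minute -> 2Mb/s
    Policy(5, lambda r: r > 1.9, 1.0),        # over 1.9 for 5 minutes -> 1Mb/s
    Policy(5, lambda r: r < 0.512, DEFAULT),  # under 512K for 5 minutes -> default
]
# Same policies with the first two swapped, to show that order changes the result.
SWAPPED = [PAGE_ORDER[1], PAGE_ORDER[0], PAGE_ORDER[2]]

# Constructed samples: measured Mb/s per minute for one rule in the group.
THROTTLED = [3.5, 2.0, 2.0, 2.0, 2.0, 1.0, 1.0, 0.3, 0.3, 0.3, 0.3, 0.3]
BURST = [3.5] * 6  # a rule that keeps measuring above 3Mb/s

if __name__ == "__main__":
    print("page order, throttled:", run(PAGE_ORDER, THROTTLED))
    print("page order, burst:    ", run(PAGE_ORDER, BURST))
    print("swapped, burst:       ", run(SWAPPED, BURST))
```

In this model a rule that keeps measuring above 3Mb/s always stops at the first policy in the page's order, while the swapped order lets the 5-minute check fire first and drops it to 1Mb/s.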