Home
Guardian
Installation Guide
Information and resources on how to install Guardian, and the different options and settings that are available.
Additional settings
Configure an internal firewall
Do this procedure to configure the internal firewall to restrict access to components such as: the management interface, the secure shell (SSH) terminal, the simple network management protocol (SNMP) service, and internet control message protocol (ICMP) of the full stack edition.

Guardian
- Introduction
  An overview of Guardian.
- Installation Guide
  Information and resources on how to install Guardian, and the different options and settings that are available.
  - Introduction
  - Physical installation
  - Virtual installation
  - Container installation
  - Basic configuration
  - Additional settings
    - Network requirements
    - Install an SSL certificate
      You need to install a secure sockets layer (SSL) certificate to securely encrypt traffic between client computers and the Nozomi Networks Operating System (N2OS) sensor over hypertext transfer protocol secure (HTTPS).
    - Install a CA certificate
      If an issuing certificate authority (CA) for the hypertext transfer protocol secure (HTTPS) certificate is not immediately trusted, you will need to install a certificate authority (CA) certificate to the Nozomi Networks Operating System (N2OS) sensor.
    - Enable SNMP
      To monitor the health of the Nozomi Networks Operating System (N2OS) sensor, you need to enable the simple network management protocol (SNMP) daemon.
    - Internal firewall configuration
      It is possible to configure the settings of an internal firewall to restrict access to specific items.
    - Configure an internal firewall
      Do this procedure to configure the internal firewall to restrict access to components such as: the management interface, the secure shell (SSH) terminal, the simple network management protocol (SNMP) service, and internet control message protocol (ICMP) of the full stack edition.
    - Management-interface packet-rate protection
      A description of internal packet-rate protection, which is enabled by default.
    - Disable internal packet-rate protection of the management interface
      If necessary, do this procedure to disable internal packet-rate protection in the management interface.
    - Configure IPv6
      You can configure IPv6 to access physical and virtual sensors. This is not possible for container installations.
    - Enable 802.1x on the management interface
      This topic describes how to enable 802.1x support for the management interface. Configuration of the RADIUS server and the creation of possible certificates are not discussed
    - USB port disablement
      The Nozomi Networks Operating System (N2OS) does not support universal service bus (USB) ports.
    - Turbo capture mode enablement
      A description of how to configure the turbo capture mode, in order to handle higher traffic loads.
  - Compatibility Reference
  - Federal Information Processing Standards
- Administrator Guide
  Information and resources about the Administration section of Guardian, and the tasks that you can do in this part of the software.
- User Guide
  Information and resources about the main features of Guardian, and the tasks that you can do from the user interface (UI).
- Maintenance Guide
  Information about the maintenance tasks of Guardian, to help you administer and maintain the solution in a production environment.
- Print format documentation
  A list of all the print-format documentation that is available for Guardian.

Configure an internal firewall

Do this procedure to configure the internal firewall to restrict access to components such as: the management interface, the secure shell (SSH) terminal, the simple network management protocol (SNMP) service, and internet control message protocol (ICMP) of the full stack edition.

To limit access to these services, you must use the command-line interface (CLI) to add the required configurations.

In the top navigation bar, select
The administration page opens.
In the Settings section, select CLI.
The CLI page opens.
In the CLI, enter the necessary configuration lines.
Note: For example, the lines below permits connections only from networks 192.168.55.0/24 or from the host 10.10.10.10:
```
conf.user configure system firewall https 192.168.55.0/24, 10.10.10.10
```
Log into the text console, either directly, or through secure shell (SSH).
To apply the new settings, enter this command:
```
n2os-firewall-update
```

The internal firewall has been configured.