Users Guide

Table Of Contents
Dell Networking W-Series ArubaOS 6.4.x| User Guide External Services Interface | 1086
Chapter 43
External Services Interface
The External Services Interface (ESI) provides an open interface that is used to integrate security solutions that
solve interior network problems such as viruses, worms, spyware, and corporate compliance. ESI allows
selective redirection of traffic to external service appliances such as anti-virus gateways, content filters, and
intrusion detection systems. When “interesting” traffic is detected by these external devices, it can be dropped,
logged, modified, or transformed according to the rules of the device. ESI also permits configuration of
different server groups—with each group potentially performing a different action on the traffic.
You can configure ESI to do one or more of the following for each group:
l Redirect specified types of traffic to the server
l Perform health checks on each of the servers in the group
l Perform per-session load balancing between the servers in each group
l Provide an interface for the server to return information about the client that can place the client in special
roles such as “quarantine"
ESI cannot function or send information across an IPSec tunnel.
ESI also provides the ESI syslog parser, which is a mechanism for interpreting syslog messages from third-party
appliances such as anti-virus gateways, content filters, and intrusion detection systems. The ESI syslog parser is
a generic syslog parser that accepts syslog messages from external devices, processes them according to user-
defined rules, and then takes configurable actions on system users.
Topics in this chapter include:
l Sample ESI Topology on page 1086
l Understanding the ESI Syslog Parser on page 1088
l Configuring ESI on page 1091
l Sample Route-Mode ESI Topology on page 1098
l Sample NAT-mode ESI Topology on page 1102
l Understanding Basic Regular Expression (BRE) Syntax on page 1107
The ESI feature requires that the Policy Enforcement Firewall Next Generation (PEFNG) license is installed on the
controller.
Sample ESI Topology
In the example shown in this section, ESI is used to provide an interface to the AntiVirusFirewall (AVF) server
device for providing virus inspection services. An AVF server device is one of many different types of services
supported in the ESI.