1. Set up network integration.
The configuration is performed independently for each instance of the system and is based on the composition of the network infrastructure and the tasks to be solved. Integration options are set on the “Instance” page.
2. Specify a license key and set limits.
The license key is set in the “License” card on the"System Settings" page. The license band values are set on the “Instance” page for each system instance independently.
3. Set up interaction via BGP.
Each instance of the system can announce prefixes, send and receive FlowSpec rules. BGP communication is configured separately for each instance on the “BGP” page.
Generate lists of prefixes, FlowSpec-rules and community.
To do so, select the desired instance in the “Local BGP Settings” card, specify its parameters and allow the connection to be established.
Specify local BGP settings for a specific system instance.
The cards always contain “system.flow.detect”, “system.policy.prefixes” and “system.policy.rules” lists. When you enable BGP announcements in a security policy, they are automatically substituted with the values from the routing rules leading to this policy.
Configure BGP neighbors.
BGP neighbors are configured for each instance. The BGP neighbor parameters specify which instance it belongs to, define the neighbor’s local settings and allow the connection to be established.
Form an announcement policy.
An announcement policy is formed for each neighbor. Announcement requires connectivity of an instance with a packet handler and a non-zero value of the license band being used. If the license band for the instance is not set, software bypass must be enabled.
4. Upload GeoIP databases to the system.
They are used in the “Filtering by country” countermeasure and in many other countermeasures when downloading a list of IP addresses. The upload is performed on the “System Settings” page.
5. Set up delivery channels for system events notifications.
Set the parameters for an email server connection, Telegram bot, or the Vestochka service in the “Notifications” card on the “System Settings” page.
6. Set up notifications via syslog.
7. Enable protection.
Turn on the main protection switch in the top panel of the MITIGATOR interface.
8. (Optional) Upload logos and background images for various interface themes.
The upload is performed on the “System Settings” page.
9. (Optional) Select the interface theme type and graph display style.
Set in the user profile settings.