AlienVault. Unified Security Management 5.x Configuring a VPN Environment




AlienVault Unified Security Management 5.x Configuring a VPN Environment

USM 5.x Configuring a VPN Environment, rev. 3

Copyright 2015 AlienVault, Inc. All rights reserved. The AlienVault Logo, AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat Exchange, AlienVault OTX Reputation Monitor, AlienVault OTX Reputation Monitor Alert, AlienVault OSSIM, and OSSIM are trademarks or service marks of AlienVault, Inc. All other registered trademarks, trademarks or service marks are the property of their respective owners.

Revision to This Document

Date                Revision Description
June 8, 2015        Original document.
August 13, 2015     Adjust the order of configuration steps due to the changes in USM v5.1.
October 2, 2015     Revised procedures in Appendix A due to the changes in USM v5.2.
October 30, 2015    Added Updating a VPN.

October 30, 2015 USM 5.x Configuring a VPN Environment, rev. 3

Contents

Introduction
Setting Up a VPN
    Configuring the VPN Server
    Configuring the VPN Client
Verifying the VPN Connection
Disabling a VPN Configuration
Updating a VPN
Appendix A - Building a VPN Tunnel When There Is No Connection Between the Server and the Client

Introduction

Setting up a Virtual Private Network (VPN) connection between AlienVault components allows all traffic to be encrypted and go through a secure tunnel. A VPN environment in AlienVault consists of one and only one VPN server, and at least one VPN client. A VPN server can connect to multiple VPN clients, but an AlienVault appliance cannot be a VPN server and a VPN client at the same time.

This document explains how to configure a VPN environment between AlienVault components.

Setting Up a VPN

Any AlienVault appliance can be a VPN server, but typically you would configure a USM Server or USM All-in-One to be the VPN server. The AlienVault Setup menu provides three options to set up a VPN:

- Enable/Disable VPN
- Configure VPN Server
- Configure VPN Client

In USM v5.0, you use the Enable VPN option first, then Configure VPN server. Starting from USM v5.1, however, you have to use the Configure VPN server option first, then Enable VPN. If you choose the Enable VPN option without configuring the VPN server first, the following error displays: VPN cannot be enabled without configuring a VPN server first.

Configuring the VPN Server

You have to be registered to see all options in the menu and configure a VPN server.

To configure a VPN server

1. Connect by ssh to the AlienVault appliance that is going to be the VPN server.
2. Move to option System Preferences > Configure Network > Setup VPN > Configure VPN server. Press Enter.
3. On the Configure VPN server screen, press Enter (<Yes>).
4. Enter a virtual net to use. By default, it is always 10.67.68. Press Enter (<OK>).
5. Enter a VPN Netmask. By default, it is always 255.255.255.0. Press Enter (<OK>).
6. Enter a VPN Port. By default, it is always 33800. Press Enter (<OK>).
7. Move to the <Back> option and press Enter until the AlienVault Setup main menu appears.
8. Move to option Apply all Changes and press Enter.

Note: You will not be able to enable VPN without applying the changes first.

Figure 1. Apply all Changes screen.

9. Press Enter (<Yes>). The system applies the changes and restarts some services. Then the message Changes Applied appears.
10. Press Enter (<OK>). The AlienVault Setup main menu appears.
11. Move to option System Preferences > Configure Network > Setup VPN > Enable/Disable VPN. Press Enter (<OK>).
12. Select yes by highlighting and pressing the space bar or using your mouse, and press Enter (<OK>).
13. Move to the <Back> option and press Enter until the AlienVault Setup main menu appears.
14. Move to option Apply all Changes. Press Enter (<OK>).
15. Press Enter (<Yes>) if you are sure about these changes. The system applies the changes and restarts some services. Then the message Changes Applied appears.

Configuring the VPN Client

You have to do the VPN client configuration from the VPN server via the AlienVault Setup menu.

To configure a VPN client

1. On the AlienVault Setup menu, move to option System Preferences > Configure Network > Setup VPN > Configure VPN client. Press Enter (<OK>).
2. Enter the Administration IP Address of the VPN client and press Enter (<OK>).
3. Enter the root password of the remote system. Press Enter (<OK>).
4. Select yes if you are sure about creating a VPN tunnel. Press Enter (<Yes>). A message appears; see Figure 2.

Figure 2. VPN client configured successfully

5. Press Enter. A screen appears to inform you that the connection has been successfully created.
6. Press Enter (<OK>).

If the process does not finish successfully and the message below appears instead, there is no connection between the server and the client. In this case, follow the steps included in Appendix A - Building a VPN Tunnel When There Is No Connection Between the Server and the Client.

Figure 3. No connectivity error message while establishing the VPN tunnel

Verifying the VPN Connection

After setting up a VPN, you can verify that the connection works.

To verify a VPN connection

1. Open a web browser using the VPN server IP and log in with admin credentials.
2. Go to Configuration > Deployment > Components.

Figure 4. Displaying Components on the web

3. Verify that the components display a VPN IP address.

Disabling a VPN Configuration

It is possible to disable a VPN configuration from both the VPN server and the VPN client.

To disable a VPN configuration

1. Connect by ssh to the AlienVault appliance.
2. Move to option System Preferences > Configure Network > Setup VPN > Enable/Disable VPN. Press Enter.
3. Select no and press Enter (<OK>).
4. Move to the <Back> option and press Enter until the AlienVault Setup main menu appears.
5. Move to option Apply all Changes.
6. Press Enter (<OK>).
7. Press Enter (<Yes>) if you are sure about this change. The system applies the changes and restarts some services. Then the message Changes Applied appears.

Note: The configuration files and system-generated certificates remain in the appliance when you disable a VPN tunnel. You can enable the same tunnel again whenever needed. Alternatively, if you decide to establish a new VPN tunnel on the same AlienVault appliance, simply go through the Setting Up a VPN procedures again. The system will overwrite the existing configurations.

Updating a VPN

You can update a VPN when needed, but you have to update it in order: first the VPN server, and then the VPN client.

Note: It is recommended to disable the VPN before starting the update process.

To update a VPN

1. Log in to your appliance using an account with administrative privileges.
2. Navigate to Configuration > Deployment > Components > AlienVault Center. The available updates appear in the New Updates column.

Figure 5. AlienVault USM: pending new updates

This update will read either Patch or Upgrade. Click on the notification to view the changelog and release notes.

Note: A Patch release contains fixes to defects in the software and will contain minimal functional changes. An Upgrade has more substantial functional changes and may contain functionality that changes existing workflows.

3. Review the release notes and changelog for any functional change that may disrupt existing workflows.
4. Scroll to the bottom of the screen and, during an appropriate service window, click Upgrade.
5. The process can take several minutes. After completion, a message is displayed indicating a successful upgrade.

Appendix A - Building a VPN Tunnel When There Is No Connection Between the Server and the Client

If there is no connection between the VPN server and the client, an error occurs when you try to configure the VPN client, and a configuration file is created instead. In this case, it is necessary to configure the VPN client manually.

Figure 6. No connectivity error showing where to locate the VPN configuration file

To configure the VPN client manually

6. Obtain the VPN client configuration file:
   a) On the VPN server, the error message reveals where the configuration file is located:
      /etc/openvpn/nodes/<client_ip>.tar.gz
      Where: <client_ip> is the IP address that you specified when configuring the VPN client.
   b) Go to the AlienVault Setup main menu and select the option Jailbreak System.
   c) Press Enter (<Yes>). The command line prompt appears.
   d) Using scp, or other means of your choice, copy the configuration file to the AlienVault appliance that is going to be the VPN client, and place it in /etc/alienvault/network.
   e) Type Exit to come back to the AlienVault Setup main menu.

   Note: You may need to change the VPN server IP address to its external IP in the configuration file in order for the VPN client to access it.

7. Deploy the VPN client manually:
   a) ssh to the VPN client, move to option System Preferences > Configure Network > Setup VPN > Configure VPN client from file. Press Enter (<OK>).
   b) Select the entry with the correct IP address for the VPN client, press Enter (<OK>).

   c) Confirm that it is the correct configuration file copied from the VPN server, press Enter (<Yes>). The system extracts the configuration file and sets it up.

8. If the VPN client is a USM Sensor, and if it has not been set up before, follow the procedures below:

   Note: If the USM Sensor has already been set up before the VPN configuration, this step can be skipped. See Verifying the VPN Connection instead.

   a) On the USM Sensor, go to the AlienVault Setup main menu and select Configure Sensor > Configure AlienVault Server IP. Press Enter (<Yes>).
   b) Enter the VPN IP address of the VPN server. Press Enter (<Yes>).
   c) Move to Configure Sensor > Configure AlienVault Framework IP. Press Enter (<Yes>).
   d) Enter the VPN IP address of the VPN server. Press Enter (<Yes>).
   e) Move to the <Back> option and press Enter until the AlienVault Setup main menu appears.
   f) Move to option Apply all Changes and press Enter.
   g) Open a web browser using the VPN server IP and log in with admin credentials.
   h) Go to Configuration > Deployment > Components > Sensors. The following message appears:

      Figure 7. Insert a new client on the web.

   i) Click Insert. A new screen with a form appears.
   j) Fill in the fields and click Save.

9. If the VPN client is a USM Logger or another USM Server, follow the procedures described in Configuring a Remote Logger, but use the VPN IP address instead.
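The shell functions below are an added example, not AlienVault code, for the Appendix A step that copies <client_ip>.tar.gz to the VPN client: they check the archive's member paths before the Setup menu extracts it, and rewrite the server address to an external IP as the Note in step 6 describes. It is assumed that the bundle holds an OpenVPN client .conf with a "remote <host> <port>" line; the function names and the sample addresses are hypothetical.

```shell
#!/bin/sh
# Added example, not AlienVault code. Assumption: the bundle is a gzip tar that
# holds an OpenVPN client .conf with a "remote <host> <port>" line.

# Read member names on stdin; fail if any is absolute or has a ".." component.
members_are_safe() {
    ! grep -Eq '^/|(^|/)\.\.(/|$)'
}

# Succeed only if the archive lists cleanly and every member stays in place.
archive_is_safe() {
    members=$(tar -tzf "$1" 2>/dev/null) || return 1
    printf '%s\n' "$members" | members_are_safe
}

# Print the host from each "remote" line in the bundle's .conf files.
get_remote_host() {
    tar -tzf "$1" | grep '\.conf$' | while read -r conf; do
        tar -xzOf "$1" "$conf" | awk '$1 == "remote" { print $2 }'
    done
}

# Write bundle $1 to $3 with the remote host replaced by $2. Member names are
# kept as they were; the new file is created 0600 because it carries key material.
set_remote_host() {
    src=$1 new_host=$2 dst=$3
    archive_is_safe "$src" || { echo "unsafe archive: $src" >&2; return 1; }
    work=$(mktemp -d) || return 1
    tar -xzf "$src" -C "$work" || { rm -rf "$work"; return 1; }
    find "$work" -name '*.conf' | while read -r conf; do
        awk -v h="$new_host" '$1 == "remote" { $2 = h } { print }' \
            "$conf" > "$conf.new" && mv "$conf.new" "$conf"
    done
    if tar -tzf "$src" |
        (umask 077 && tar -czf "$dst" -C "$work" --no-recursion -T -)
    then rc=0; else rc=1; fi
    rm -rf "$work"
    return "$rc"
}

# Constructed sample bundle (documentation addresses, placeholder key).
make_sample_bundle() {
    d=$(mktemp -d) || return 1
    printf 'client\ndev tun\nremote 192.0.2.10 33800\n' > "$d/192.0.2.20.conf"
    echo 'PLACEHOLDER-KEY' > "$d/192.0.2.20.key"
    tar -czf "$1" -C "$d" 192.0.2.20.conf 192.0.2.20.key
    rm -rf "$d"
}

# Demo on the constructed sample: internal address in, external address out.
demo=$(mktemp -d)
make_sample_bundle "$demo/192.0.2.20.tar.gz"
set_remote_host "$demo/192.0.2.20.tar.gz" 203.0.113.5 "$demo/client.tar.gz"
echo "remote is now: $(get_remote_host "$demo/client.tar.gz")"
rm -rf "$demo"
```

Run it against a copy of the file from /etc/openvpn/nodes/ and pass absolute paths for the input and output archives.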