Configure ASMS machines

This section describes how to access the ASMS Administration Interface, also known as the algosec_conf menu CLI, and perform basic configurations on your ASMS appliances.

Configure or de-configure NAS storage as needed for your deployment or upgrade, and test your installation and configuration after making system changes.

Connect to the Administration Interface

Connect to the ASMS Administration Interface, or conf menu CLI as follows:

During initial setup

Do one of the following:

  • AlgoSec Hardware Appliances: Connect directly (with a monitor/VGA cable) or via an iLO connection, depending on the way you prepared the appliance. For more details, see Prepare an AlgoSec hardware appliance.
  • Virtual Appliances: Connect via a remote console.
After initial setup Connect to the administration interface via SSH.

Back to top

Perform basic configurations

This procedure describes how to configure an ASMS machine's IP address, as well as other basic settings.

Note: Configuring the IP address is mandatory during initial configuration.

Do the following:

  1. Connect to the Administration interface. For details, see Connect to the Administration Interface.

  2. Enter 1 to do any of the following:

    • Configure a static IP address
    • Configure DHCP
    • Look up the IP address, after configuring DHCP

    Tip: We recommend using static IP addresses for Central Manager appliances, primary nodes, Load Slaves or Remote Agents, and so on.

    Note: If you are working with clusters, and you change the IP address for an HA cluster, you must re-build the cluster afterward.

    For details, see Build a cluster.

  3. Configure any of the following options by entering the relevant number:

    • Configure the time and date
    • Configure a DNS server
    • Configure a DNS domain name
    • Change the machine's hostname
    • Change the root password
    • Change the afa password
    • Reset the AFA admin password
    • Reset the database password

    For more details, see Connect to the Administration Interface.

  4. When you're done, enter Q to exit.

Back to top

Configure NAS storage

This procedure describes how to configure AFA to store all reports on a remote NAS server.

NAS storage support

ASMS supports NAS storage configurations as follows:

Supported protocols

NFSv4 (default) and NFSv3, depending on the NAS server.

ASMS attempts to connect first via NFSv4, and if it cannot, automatically uses NFSv3.

Deployment types

VMs with an AlgoSec-provided image deployed and AlgoSec Hardware Appliances only.

HA clusters

Configure NAS on the primary node.

When you build the cluster, NAS is automatically configured on the secondary node.

DR clusters

Secondary nodes can have their own NAS server at the disaster recovery site.

In such cases, customers are responsible for configuring the communication synchronization between the NAS servers at the primary and disaster recovery sites.

Load distribution architectures

Load distribution architectures are supported with NFSv4 only.

Configuring NAS for the Central Manager automatically configures NAS for all Load Units.

Do the following:

  1. Log on to the NAS server, and create a new directory in a shared space.

  2. Connect to the Administration interface on your ASMS machine. For details, see Connect to the Administration Interface.

  3. Enter 11 to configure NAS. The system confirms that NAS is not configured.

  4. Enter 1 to set NAS for storing system reports. The system displays a message similar to the following:

    You are about to configure a NAS server for storing system reports.

    Note: No changes will take place without your final approval.

    Before adding NAS configuration, your reports will be copied to
    the following directory: algosec/firewalls_back_algosec/groups_back
    algosec/matrices_back algosec/fwfiles_back

    Once NAS configuration completes successfully, you may copy the
    data back to the original directories.

  5. Enter the NAS server IP.

  6. Enter the NAS mount path. This is the directory that you created on the NAS server in step 1.

    The system confirms by displaying the NAS configuration IP, mount path, and NFS version.

    For example:

    NAS configuration details:

    NAS server IP: <NAS IP you entered>

    NAS Mount path: <NAS mount path you entered>

    NFS version: NFSv4

    Tip: If you specifically want to use NSFv3, change the NFS version manually.

  7. The system prompts you to confirm the details. Enter y to confirm.

    If there is already content present in the mount path directory, the system prompts you to continue with one of the following:

    1. Abort NAS addition

    2. Delete directory content

    3. Use directory content

  8. Enter 3 to use directory content.

    If you have Load Units configured, the system configures NAS on the Load Units as well.

    When the configuration is complete, the following message appears:

    NAS configured successfully

  9. Copy reports from algosec/firewalls_back_algosec/groups_back algosec/matrices_back algosec/fwfiles_back to your newly moutned NAS directory.

    For example: algosec/firewalls algosec/groups algosec/matrices algosec/fwfiles

NAS storage is now enabled and ASMS can connect to the NAS server.

Note: To check NAS status at any time, connect to the Administration interface again and enter 11.

The system confirms whether or not NAS is configured for your system.

Back to top

Deconfigure NAS storage

Deconfigure NAS if needed as part of a larger process, or if you don't want reports to be stored on your remote NAS server.

Note: When NAS is deconfigured for a Master Appliance, it is automatically deconfigured for all Load Units.

Do the following:

  1. Log on to the NAS server.

  2. Connect to the ASMS machine's Administration Interface. For details, see Connect to the Administration Interface.

  3. Back up your data by copying the reports from the mounted NAS directory. For example, copy the files from algosec/firewalls algosec/groups algosec/matrices algosec/fwfiles to a backup directory at algosec/firewalls_back_algosec/groups_back algosec/matrices_back algosec/fwfiles_back.

  4. From the ASMS Administration Interface, enter 11 to deconfigure NAS.

    The system displays the NAS configuration details, and prompts you to select whether you want to check the NAS connectivity status or remove the NAS server.

  5. Enter 2 to remove the server.

    The system prompts you to confirm that you want to remove the existing configuration.

  6. Enter y to confirm.

    NAS is removed from any Load Units, as needed. When NAS is fully removed, the following message appears:

    NAS removal succeeded. Press 'Enter' to go back to main menu.

    *NAS is not configured*

  7. Copy your reports to your production directories and remove them from the remote NAS server.

NAS is deconfigured, and ASMS no longer connects to the remote NAS server.

Back to top