If you are deploying a full ASMS system out-of-the box, use the following list to prepare for deployment and ensure that you've configured your system as recommended.
For more details, see also Download ASMS software packages and ASMS system security.
Infrastructure and analytics
Deploy ASMS infrastructure
| Step | Description |
|---|---|
| AlgoSec architecture recommendation review |
Work with AlgoSec to understand our architecture recommendations for your needs. |
| Infrastructure component provisioning |
Ensure that your hardware or virtual components meet our system requirements. For details, see System requirements. |
| Standalone appliances |
Deploy your pre-installed, standalone VMware virtual appliance or AlgoSec hardware appliance. For details, see Deploy standalone appliances. |
| High-availability / Disaster recovery configuration |
Set up your environment, including high availability or disaster recovery clusters, as well as load or geographic distribution. For details, see:
|
| Load distribution / remote distribution configuration |
AlgoSec Firewall Analyzer deployment tasks
| Step | Description |
|---|---|
| Licensing application |
Install your license. For details, see: |
| Networking estate provisioning |
Populate AFA with your devices. For details, see Manage devices. |
| Environment visibility and accuracy validation |
View your network map in AFA and confirm that it displays as expected. For details, see AFA's graphic network map. |
| Authentication and authorization configuration |
Define how AFA handles user authentication and authorization. Best practice: Whenever possible, leverage LDAP/LDAPS for authentication. This enables all ASMS users to log in easily, including change requestors, application owners, auditors, and so on. Configuring LDAP/LDAPS for ASMS also enables auto-provisioning, which means that users are automatically created and assigned to their appropriate roles based on their LDAP group membership, without any additional configuration. For details, see Configure user authentication. |
| User and role configuration |
Define AFA users and their roles. For details, see AFA users and roles. |
| Outbound mail integration configuration |
Configure AFA to send email notifications. For details, see Configure event-triggered notifications. |
| Storage and retention configuration |
Configure AFA settings for data storage. For details, see Storage. |
| Infrastructure component monitoring |
Configure monitoring systems for each ASMS product. For details, see:
Best practice: Deploy WatchDog monitoring to provide the broadest and most up-to-date set of system parameters to be monitored. Direct syslog messages WatchDog to your enterprise NOC. |
| Schedule AFA analysis |
Configure AFA settings for scheduled analysis jobs. For details, see Schedule analysis. |
Network visibility and awareness
Build your ASMS network topology
| Step | Description |
|---|---|
|
Sanity end-to-end traffic simulation |
Run an end-to-end traffic simulation query to ensure that the data presents as expected. For details, see Run traffic simulation queries. |
| Network topology modeling & adjustment |
After viewing default reports and query results, you may want to adjust the way AFA displays your data. For details, see: |
Intelligent policy change automation
Deploy AlgoSec FireFlow
| Step | Description |
|---|---|
| FireFlow initial setup |
FireFlow templates and workflows are fully configurable. We recommend using the default configuration to get started, and then customizing FireFlow as needed. For details, see: |
| FireFlow sanity-check request |
Create a sample change request and push it through the entire workflow to test each step in the process. For details, see Request changes. |
Application discovery and management
Deploy AlgoSecAppViz
| Step | Description |
|---|---|
| AppViz initial setup |
Set up AppViz to view your network details from a business perspective. For details, see: |
| AppViz sanity-check application |
View data for your application from AppViz to test each feature. For details, see Business applications. |
| AlgoSec AutoDiscovery Deployment tasks |
Install and configure AutoDiscovery so that AppViz can automatically detect your flows and applications. For details, see Install AutoDiscovery. |
Yes 
No 
