Configure ASMS machines

This section describes how to access the ASMS Administration Interface, also known as the algosec_conf menu CLI, and perform basic configurations on your ASMS appliances.

Connect to and Utilize the Administration Interface

Connect to the ASMS Administration Interface, or algosec_conf menu CLI as follows:

During initial setup

Do one of the following:

  • AlgoSec Hardware Appliances: Connect to algosec_conf directly (with a monitor/VGA cable) or via an iLO connection, depending on the way you prepared the appliance. For more details, see Prepare an AlgoSec hardware appliance.
  • Virtual Appliances: Connect via a remote console.
After initial setup Connect to algosec_conf via SSH.

Basic configurations

This section describes how to configure basic settings.

Do the following:

  1. Connect to the Administration interface. For details, see on this page Connect to and Utilize the Administration Interface.
  2. Do any of the following. When you are done, enter Q to exit.

Back to top

Configure IP address

This section describes configuration of an ASMS machine's IP address.

For changing the address of a Remote Agent, see To change the IP address of a Remote Agent.

Note: Configuring the IP address is mandatory during initial configuration.

Note: if you change the IP address of the ASMS Central Manager and you use the machine as the AutoDiscovery Server, be sure to update the AutoDiscovery configuration. On the Central Manager:

  1. Go to the algosec_conf menu, and enter option 14 - Product configuration.

  2. Enter option 2 - AutoDiscovery configuration

  3. Enter option 2 - Configure AutoDiscovery on local machine (POC).

  4. Enter the new IP address of the Central Manager.

In the algosec_conf main menu, enter 1 Configure IP address to do any of the following:

1. Configure static device IP address

Tip: We recommend using static IP addresses for Central Manager appliances, primary nodes, Load Units or Remote Agents, and so on.

2. Use dynamic IP configuration (DHCP)

Requires AlgoSec services to be restarted.

Note: might cause users that are logged into the AlgoSec Suite to be logged off.

After configuring DHCP, you can look up the IP address.

Note: If you are working with clusters, and you change the IP address for an HA cluster, you must re-build the cluster afterward. For details, see Build a cluster.

Back to top

Configure Time and Date

In the algosec_conf main menu, enter 2 Configure Time and Date to do any of the following:

1. Change time zone

Requires AlgoSec services to be restarted.

Note: might cause users that are logged into the AlgoSec Suite to be logged off.

2. Configure NTP server

You can add or remove NTP server.

3. Set Data and time

Requires AlgoSec services to be restarted.

Note: might cause users that are logged into the AlgoSec Suite to be logged off.

Back to top

Configure DNS Server

In the algosec_conf main menu, enter 3 Configure DNS Server to do any of the following:

1. Add new DNS server

Add new DNS server.

2. Remove DNS Server

Remove DNS server.

Back to top

Change DNS domain name

In the algosec_conf main menu, enter 4 Change DNS domain name:

Please enter a new domain name (press 'a' to abort):

>

Back to top

Change Hostname

In the algosec_conf main menu, enter 5 Change Hostname:

Please enter a new hostname (press 'a' to abort):

>

Back to top

Change root password

In the algosec_conf main menu, enter 6 Change root password:

Please enter a password for user root (press 'a' to abort):

>

Back to top

Change afa password

In the algosec_conf main menu, enter 7 Change afa password:

Please enter a password for AFA (press 'a' to abort):

>

Back to top

Password resets

  • In the algosec_conf main menu, enter 9 to reset the AFA admin password (web-interface).
  • In the algosec_conf main menu, enter 10 to reset the database password.

Back to top

Product and cloud configuration

In the algosec_conf main menu, enter 14 Product and cloud configuration. Four options appear:

To run the FireFlow setup program.

To set up AutoDiscovery.

3. Cloud integration

  1. Onboard AlgoSec SaaS components:

    To integrate AlgoSec Cloud with ASMS, follow steps in ASMS-AlgoSec Cloud integration.

    To Integrate ObjectFlow with ASMS, follow steps in ASMS-ObjectFlow integration.

  2. HTTPS tunnel Configuration. For troubleshooting purposes only. See Troubleshoot AlgoSec SaaS HTTPS tunnel.

To configure AlgoBot with ASMS, see Welcome to AlgoBot.

System Health

In the algosec_conf main menu, enter 17 System health. Three options appear:

 

To check that basic ASMS processes are running on your machines

To check your system's health, choose:

  1. Quick check: an abridged check. (Quick Check does not include checks for:
    disk speed, disk space for DBschema upgrade, device complexity levels, and whether all devices in the firewall_data.xml are also in the DB).

  2. Full check: a full check (takes longer because includes all checks).

For the text file report of your system health, see /var/log/algosec_toolbox/system_check_output.json.

Tip: You can also check system health straight from the CLI. Log into your ASMS machine and enter:

algosec_conf --check-system-health -[check type]

For check type use the controls: q for quick check; f for full check. For example, for full check:

algosec_conf --check-system-health -f

You can check your system's readiness for upgrade by running checks based on prerequisites of the version/build you want to upgrade to. Before running the check, download build files to your system. To download the builds, See Download ASMS software packages.

Back to top