Configure ASMS machines

This section describes how to access the ASMS Administration Interface, also known as the algosec_conf menu CLI, and perform basic configurations on your ASMS appliances.

Connect to and Utilize the Administration Interface

Connect to the ASMS Administration Interface, or algosec_conf menu CLI as follows:

During initial setup

Do one of the following:

  • AlgoSec Hardware Appliances: Connect to algosec_conf directly (with a monitor/VGA cable) or via an iLO connection, depending on the way you prepared the appliance. For more details, see Prepare an AlgoSec Hardware Appliance.
  • Virtual Appliances: Connect via a remote console.
After initial setup Connect to algosec_conf via SSH.

  1. If iLO is available on your appliance:

    1. Open the console.
    2. In a browser, navigate to the IP address of the iLO interface. By default, this is done via DHCP.
    3. Log in using the username and password printed on the sticker on top of the hardware appliance.
    4. Select Remote Console in the menu on the left.
    5. Click Java Integrated Remote Console.

    The system prompts you for your login credentials.

  2. If iLO is not available on your appliance, use a monitor/VGA cable to connect directly.

  3. Log into the machine as user root.

    Default password: algosec.

    The algosec_conf main menu is displayed:

    Tip: Click the links in the simulation below to display details about each action, respectively.

    Please select a configuration item:

    1. Configure IP address

    2. Configure Time and Date

    3. Configure DNS Server

    4. Change DNS domain name

    5. Change Hostname

    6. Change root password

    7. Change afa password

    8. Upgrade software

    9. Reset AFA admin password

    10. Reset database password

    11. Configure NAS

    12. Install License

    13. HA/DR Setup

    14. Product and cloud configuration

    15. Distributed Architecture configuration

    16. Migrate ASMS units

    17. System health

    18. Collect Logs

    Q Logout

    Press 'a' to exit to shell

    Your choice:

    >

  1. Connect to the IP address of your machine via your SSH client.

  2. Login as user root with password algosec.

  3. When the algosec_conf main menu is displayed, perform the configuration actions you require:

    4. Tip: Click the links in the simulation below to display details about each action, respectively.

Please select a configuration item:

1. Configure IP address

2. Configure Time and Date

3. Configure DNS Server

4. Change DNS domain name

5. Change Hostname

6. Change root password

7. Change afa password

8. Upgrade software

9. Reset AFA admin password

10. Reset database password

11. Configure NAS

12. Install License

13. HA/DR Setup

14. Product and cloud configuration

15. Distributed Architecture configuration

16. Migrate ASMS units

17. System health

18. Collect Logs

Q Logout

Press 'a' to exit to shell

Your choice:

>

Basic configurations

This section describes how to configure basic settings.

Do the following:

  1. Connect to the Administration interface. For details, see on this page Connect to and Utilize the Administration Interface.

  2. Do any of the following. When you are done, enter Q to exit.

Configure IP address

This section describes configuration of an ASMS machine's IP address.

For changing the address of a Remote Agent, see To change the IP address of a Remote Agent.

Note: Configuring the IP address is mandatory during initial configuration.

Note: if you change the IP address of the ASMS Central Manager and you use the machine as the Application Discovery Server, be sure to update the Application Discovery configuration. On the Central Manager:

  1. Go to the algosec_conf menu, and enter option 14 - Product configuration.

  2. Enter option 2 - AutoDiscovery configuration

  3. Enter option 2 - Configure AutoDiscovery on local machine (POC).

  4. Enter the new IP address of the Central Manager.

In the algosec_conf main menu, enter 1 Configure IP address to do any of the following:

1. Configure static device IP address

Tip: We recommend using static IP addresses for Central Manager appliances, primary nodes, Load Units or Remote Agents, and so on.

2. Use dynamic IP configuration (DHCP)

Requires AlgoSec services to be restarted.

Note: might cause users that are logged into the AlgoSec Suite to be logged off.

After configuring DHCP, you can look up the IP address.

Note: If you are working with clusters, and you change the IP address for an HA cluster, you must re-build the cluster afterward. For details, see Build a cluster.

Configure Time and Date

In the algosec_conf main menu, enter 2 Configure Time and Date to do any of the following:

1. Change time zone

Requires AlgoSec services to be restarted.

Note: might cause users that are logged into the AlgoSec Suite to be logged off.

2. Configure NTP server

 You can add or remove NTP server.

3. Set Data and time

Requires AlgoSec services to be restarted.

Note: might cause users that are logged into the AlgoSec Suite to be logged off.

Configure DNS Server

In the algosec_conf main menu, enter 3 Configure DNS Server to do any of the following:

1. Add new DNS server

 Add new DNS server.

2. Remove DNS Server

 Remove DNS server.

Change DNS domain name

In the algosec_conf main menu, enter 4 Change DNS domain name:

Please enter a new domain name (press 'a' to abort):

>

Change Hostname

In the algosec_conf main menu, enter 5 Change Hostname:

Please enter a new hostname (press 'a' to abort):

>

Change root password

In the algosec_conf main menu, enter 6 Change root password:

Please enter a password for user root (press 'a' to abort):

>

Change afa password

In the algosec_conf main menu, enter 7 Change afa password:

Please enter a password for AFA (press 'a' to abort):

>

Password resets

  • In the algosec_conf main menu, enter 9 to reset the AFA admin password (web-interface).
  • In the algosec_conf main menu, enter 10 to reset the database password.

Product and cloud configuration

In the algosec_conf main menu, enter 14 Product and cloud configuration. Four options appear:

1. FireFlow configuration

 To run the FireFlow setup program.

2. AutoDiscovery configuration

To set up AutoDiscovery.

3. Cloud integration

  1. Onboard AlgoSec SaaS components:

    To integrate CloudFlow with ASMS, follow steps in ASMS-CloudFlow integration.

    To Integrate ObjectFlow with ASMS, follow steps in ASMS-ObjectFlow integration.

    To Integrate AppViz with ASMS, follow steps in ASMS-AppViz integration.

  2. HTTP tunnel Configuration. For troubleshooting purposes only. See Troubleshoot AlgoSec SaaS HTTPS tunnel.

4. AlgoBot configuration

 To configure AlgoBot with ASMS, see .Welcome to AlgoBot.

System Health

In the algosec_conf main menu, enter 17 System health. Three options appear:

1. Check services status

 To check that basic ASMS processes are running on your machines

2. Check system health

The Check System Health option checks your system against prerequisites of the current build.

To check your system's health, choose:

  1. Quick check: an abridged check. (Quick Check does not include checks for:
    disk speed, disk space for DBschema upgrade, device complexity levels, and whether all devices in the firewall_data.xml are also in the DB).

  2. Full check: a full check (takes longer because includes all checks).

For the text file report of your system health, see /var/log/algosec_toolbox/system_check_output.json.

Tip: You can also check system health straight from the CLI. Log into your ASMS machine and enter:

algosec_conf --check-system-health -[check type]

For check type use the controls: q for quick check; f for full check. For example, for full check:

algosec_conf --check-system-health -f

3. Check upgrade readiness

You can check your system's readiness for upgrade by running checks based on prerequisites of the version/build you want to upgrade to. Before running the check, download build files to your system. To download the builds, See Download ASMS software packages.