Product Documentation Updates

2021

What's new in Product Documentation

We're constantly improving our live product documentation. Find out below what's new or updated.

This list is evolving, so be sure to check back often.

Tip: Click the item's version number to see the changes in the online docs for that version.

June 2021

New content

Advanced configuration parameter in AFA: SharedSyslogConfigRAs

Allows nodes (Remote Agents / Central Manager) to receive syslog messages from devices they do not directly manage.

VERSIONS: A30.10 | A32.00

May 2021

Updated content

CentOS 7 migration | Upgrade Syslog-ng to Java 11

Java 11 is mandatory for the log collection functionality of the external syslog-ng server in A32.00. Added explanations and tips when either replacing the existing syslog server or updating it.

VERSIONS: A32.00

Best practices for your AlgoSec VMware Deployment: Update

We've added some new important tips for your AlgoSec VMware Deployment.

VERSIONS: A32.00

Hotfix Upgrade | If you use a customized brand_config.xml

​If your AFA is currently using a customized brand_config.xml in /home/afa/.fa/plugins/BRAND, we recommend you contact AlgoSec support before updating your ASMS to verify that all updates will be implemented. See AlgoPedia article.

VERSIONS: A32.00

Azure deployments specification | SSD type clarification

Added more specific recommendation for Azure deployments on ASMS: Ensure that your Azure instance includes Premium SSD high performance storage, type P-20 and above.

VERSIONS: A32.00

April 2021

New content

ASMS Technical Security Standard (TSS) (version A32.00)

Describes the secure installation and administration of an AlgoSec Appliance 2xx3 series device, installed with AlgoSec Appliance software version A32.00 CentOS 7.​

VERSIONS: A32.00

FireFlow Advanced Parameters | Configure recommendations type when creating a work order

Added explanation of AddRecTypeWorkOrder parameter. You can set FireFlow recommendations when a Work Order is created, to modify a rule only, to add a new rule only or to enable to do either.

VERSIONS: A32.00

AlgoCare required ports

Added a step to open a unidirectional connection via Port TCP/9094 from ASMS to your AlgoCare DNS names.

VERSIONS: 1.2.0

CentOS 7 Migration | Added a tip for reassigning target machine previous ASMS IP address

If the IP address you are changing to has been used before on your system, connectivity may be blocked because the previous MAC address associated with the IP remains in cache. If this happens, wait until this resolves on its own (cache expires), or flush the switch caches that may hold old settings.

VERSIONS: A32.00

CentOS 7 Migration | Added 2 notes to the migration steps

​Performing any hardening procedures on the target machine before the migration process is complete may cause the migration to fail.

When relocating devices to the Central Manager (CM): first complete relocating devices to the CM before continuing to subsequent steps, or data loss may occur.

VERSIONS: A32.00

CentOS 7 migration prereq checks | added connectivity check from target node to mail server

​New prereq check: "The mail server [IP] on port [PORT] is unreachable from the target node [IP]".

VERSIONS: A32.00

New video

CloudFlow: Application-centric risk analysis and remediation using tags

In addition to the ability to filter risks for cloud types, accounts and regions, you can now focus your risk analysis and remediation on specific categories of risks identified by tags (key/value combinations) applied to the cloud platform assets. Customers can leverage this capability to focus on analyzing and remediating risks related to specific applications.

VERSIONS: A32.00.

Back to top

March 2021

New content

Configuring Load Balancers for AAD

New topic explains how to configure AutoDiscovery to discover traffic in an environment where load balancers are present.

VERSIONS: A32.00

FireFlow hook SuggestSectionName

SuggestSectionName is used to set the value of a section of new rule when work order suggests adding a new rule.

VERSIONS: A30.10 | A32.00

FireFlow hook SuggestRuleName

SuggestRuleName is used to set a rule name in change requests when the work order contains a rule that does not yet have a name (i.e. a new rule).

VERSIONS: A30.10| A32.00

FireFlow hook AllowZoneName

Use to allow zone names instead of the AFF recommendation in the work order. controls the Source Zone and Destination Zone Fields in Palo Alto (Panorama) Work Orders.

VERSIONS: A30.10 | A32.00

Updated content

Repurpose ASMS machine as an AutoDiscovery sensor

Procedure added explaining how to repurpose an ASMS machine to run as an AutoDiscovery sensor.

VERSIONS: A32.00

CentOS 7 migration | Added instruction to update VMware Tools

Added a step for virtual appliances source and target machines: to verify that the newest VMware Tools package version is installed and is up-to-date.

VERSIONS: A32.00

Updated VMware best practices page

Added further best practices recommendations for VMware.

VERSIONS: A32.00

Added considerations for Azure deployments

Added considerations for Azure deployments

VERSIONS: A32.00

New video

Setup AutoDiscovery for production

AutoDiscovery is so much easier to setup in A32. Find out how you setup AutoDiscovery for your production environment.

VERSIONS: A32.00.

Setup AutoDiscovery for PoC environments

AutoDiscovery is so much easier to setup in A32. Find out how you setup AutoDiscovery for your PoC environment.

VERSIONS: A32.00.

CloudFlow-ASMS Integration | Hybrid Network Connectivity Check

Running a connectivity check in CloudFlow allows you to observe how traffic is routed across your entire hybrid network. You can use this information to troubleshoot, reduce risk across the whole hybrid network, and more.

VERSIONS: A32.00.

Back to top

January -February 2021

New content

Best practices for your AlgoSec VMware Deployment

Added a new page, containing tips related to each VM in your distributed environment.

See Best practices for your AlgoSec VMware Deployment.

VERSIONS: A30.10| A32.00

Increase disk space of a new AlgoSec VM

Added a new page called Increase disk space of a new AlgoSec VM including a how-to video.

VERSIONS: A32.00

CentOS 7 Migration | Disk write speed for target

Added a requirement for disk write speed of CentOS 7 migration target: "We recommend disk write speed of at least 300MB/s; system performance will improve as the speed increases. Minimum allowable is 80MB/s. "

VERSIONS: A32.00

CentOS 7 Migration | FF Configured parameter

Added to VERSIONS: A32.00 Upgrade/migration steps. In Run system checks area: If you are not currently using FF, make sure that the value of the fireflow_configured parameter in /home/afa/.fa/config is set to no.

VERSIONS: A32.00

Updated content

CentOS 7 migration prereq checks | Bandwidth check enhanced to troubleshooting

Added a tip how to determine the bandwidth between the source machine and target.

VERSIONS: A32.00

CentOS 7 migration prereq checks | 2 additional NAS related checks added to troubleshooting

Added instructions for problems with NAS connectivity and permission levels.

VERSIONS: A32.00

CentOS 7 Migration | Tips to check your disk speed

Added tips how to check your disk speed and for VMware, to improve disk speed performance.

VERSIONS: A32.00

FAQueryDefaultGroup parameter description added

This parameter can be set to allow calculation of the initial plan phase in AFF on a Device Group instead of All Firewalls

VERSIONS: A30.10 | A32.00

Updated Device Setup Controller GET /api/v1/devices documentation

Removed a mistaken parameter from the API. This API has no request parameters.

See Get a list of devices.

VERSIONS: A30.10 | A32.00

Configuration Parameters for AppViz Updated

These AppViz configuration parameters have been added at the request of AppViz:

  • application.search.page_size

  • endpoint.recent.page_size

  • endpoint.search.page_size

  • service.recent.page_size

  • service.search.page_size

See Configure advanced AppViz properties.

VERSIONS: A30.10 | A32.00

Relocate device API, where to find UUID and use it

Clarification of UUID description.

VERSIONS: A30.10| A32.00

Updated Remove devices page

Updated explanation of where to get DeviceID parameter value.

VERSIONS: A32.00

RAID config added to docs

Tech docs page Prepare an AlgoSec hardware appliance specs list was updated with additional items.

See Prepare an AlgoSec hardware appliance.

VERSIONS: A30.10 | A32.00

Back to top