What's new in Product Documentation
We're constantly improving our live product documentation. Find out below what's new or updated.
This list is evolving, so be sure to check back often.
Tip: Click the item's version number to see the changes in the online docs for that version.
How to Increase disk space of a new AWS instance
We've added a new topic that explains how to increase the disk space of a newly deployed AWS instance (running CentOS 7) by extending your out-of-the-box storage device.
How to create a custom FMC user role for Cisco Firepower
We've added details about required permissions for creating a custom FMC user role for Cisco Firepower devices.
Check upgrade readiness
Algosec_conf menu item 17 Services Status has been changed to System Health. You can check your system's compliance with prerequisite requirements by running upgrade readiness checks prior to upgrading your system. First download build files to your system. Then, in the algosec_conf menu, enter option 17 System health, and enter 3 Check upgrade readiness. To check services status, enter option 1.
Out-Of-Box commands for baseline compliance
We've added a list of OOB commands to run baseline compliance reports per vendor/device type.
CentOS 7 migration | Updated software download procedures
We updated the Portal's Download > Software > Download AlgoSec Security Management Suite section. Now for the A32.00 upgrade/migration, you can to download software packages for all nodes in one place. This ensures that all the builds you use during the procedure are the same. We've updated the documentation to reflect this.
ASMS system architecture diagrams
Updated traffic specified between Central Manager and HA / DR Site.
CentOS 7 migration | Prereqs for Mail and NAS server connectivity
We added new prereq requirements for port connectivity to NAS and Mail servers for the migration target machine.
June - July 2021
Advanced configuration parameter in AFA: SharedSyslogConfigRAs
Allows nodes (Remote Agents / Central Manager) to receive syslog messages from devices they do not directly manage.
Updated Deployment Checklist
We've updated the Deployment Checklist.
New parameters for Traffic Simulation Query API
You can now choose to include in the response: source/destination zones of rule of zone-based devices (includeRulesZones) and devices paths (includeDevicesPaths).
Configure an external Syslog server for AFA messages
Updated instructions to configure an external Syslog server for AFA messages.
CentOS 7 migration | Upgrade Syslog-ng to Java 11
Java 11 is mandatory for the log collection functionality of the external syslog-ng server in A32.00. Added explanations and tips when either replacing the existing syslog server or updating it.
Best practices for your AlgoSec VMware Deployment: Update
We've added some new important tips for your AlgoSec VMware Deployment.
Hotfix Upgrade | If you use a customized brand_config.xml
If your AFA is currently using a customized brand_config.xml in /home/afa/.fa/plugins/BRAND, we recommend you contact AlgoSec support before updating your ASMS to verify that all updates will be implemented. See AlgoPedia article.
Azure deployments specification | SSD type clarification
Added more specific recommendation for Azure deployments on ASMS: Ensure that your Azure instance includes Premium SSD high performance storage, type P-20 and above.
ASMS Technical Security Standard (TSS) (version A32.00)
Describes the secure installation and administration of an AlgoSec Appliance 2xx3 series device, installed with AlgoSec Appliance software version A32.00 CentOS 7.
FireFlow Advanced Parameters | Configure recommendations type when creating a work order
Added explanation of AddRecTypeWorkOrder parameter. You can set FireFlow recommendations when a Work Order is created, to modify a rule only, to add a new rule only or to enable to do either.
AlgoCare required ports
Added a step to open a unidirectional connection via Port TCP/9094 from ASMS to your AlgoCare DNS names.
CentOS 7 Migration | Added a tip for reassigning target machine previous ASMS IP address
If the IP address you are changing to has been used before on your system, connectivity may be blocked because the previous MAC address associated with the IP remains in cache. If this happens, wait until this resolves on its own (cache expires), or flush the switch caches that may hold old settings.
CentOS 7 Migration | Added 2 notes to the migration steps
Performing any hardening procedures on the target machine before the migration process is complete may cause the migration to fail.
When relocating devices to the Central Manager (CM): first complete relocating devices to the CM before continuing to subsequent steps, or data loss may occur.
CentOS 7 migration prereq checks | added connectivity check from target node to mail server
New prereq check: "The mail server [IP] on port [PORT] is unreachable from the target node [IP]".
CloudFlow: Application-centric risk analysis and remediation using tags
In addition to the ability to filter risks for cloud types, accounts and regions, you can now focus your risk analysis and remediation on specific categories of risks identified by tags (key/value combinations) applied to the cloud platform assets. Customers can leverage this capability to focus on analyzing and remediating risks related to specific applications.
Configuring Load Balancers for AAD
New topic explains how to configure AutoDiscovery to discover traffic in an environment where load balancers are present.
FireFlow hook SuggestSectionName
SuggestSectionName is used to set the value of a section of new rule when work order suggests adding a new rule.
FireFlow hook SuggestRuleName
SuggestRuleName is used to set a rule name in change requests when the work order contains a rule that does not yet have a name (i.e. a new rule).
FireFlow hook AllowZoneName
Use to allow zone names instead of the AFF recommendation in the work order. controls the Source Zone and Destination Zone Fields in Palo Alto (Panorama) Work Orders.
Repurpose ASMS machine as an AutoDiscovery sensor
Procedure added explaining how to repurpose an ASMS machine to run as an AutoDiscovery sensor.
CentOS 7 migration | Added instruction to update VMware Tools
Added a step for virtual appliances source and target machines: to verify that the newest VMware Tools package version is installed and is up-to-date.
Updated VMware best practices page
Added further best practices recommendations for VMware.
Added considerations for Azure deployments
Added considerations for Azure deployments
Setup AutoDiscovery for production
AutoDiscovery is so much easier to setup in A32. Find out how you setup AutoDiscovery for your production environment.
Setup AutoDiscovery for PoC environments
AutoDiscovery is so much easier to setup in A32. Find out how you setup AutoDiscovery for your PoC environment.
CloudFlow-ASMS Integration | Hybrid Network Connectivity Check
Running a connectivity check in CloudFlow allows you to observe how traffic is routed across your entire hybrid network. You can use this information to troubleshoot, reduce risk across the whole hybrid network, and more.
January -February 2021
Best practices for your AlgoSec VMware Deployment
Added a new page, containing tips related to each VM in your distributed environment.
Increase disk space of a new AlgoSec VM
Added a new page called Increase disk space of a new AlgoSec VM including a how-to video.
CentOS 7 Migration | Disk write speed for target
Added a requirement for disk write speed of CentOS 7 migration target: "We recommend disk write speed of at least 300MB/s; system performance will improve as the speed increases. Minimum allowable is 80MB/s. "
CentOS 7 Migration | FF Configured parameter
Added to VERSIONS: A32.00 Upgrade/migration steps. In Run system checks area: If you are not currently using FF, make sure that the value of the fireflow_configured parameter in /home/afa/.fa/config is set to no.
CentOS 7 migration prereq checks | Bandwidth check enhanced to troubleshooting
Added a tip how to determine the bandwidth between the source machine and target.
CentOS 7 migration prereq checks | 2 additional NAS related checks added to troubleshooting
Added instructions for problems with NAS connectivity and permission levels.
CentOS 7 Migration | Tips to check your disk speed
Added tips how to check your disk speed and for VMware, to improve disk speed performance.
FAQueryDefaultGroup parameter description added
This parameter can be set to allow calculation of the initial plan phase in AFF on a Device Group instead of All Firewalls
Updated Device Setup Controller GET /api/v1/devices documentation
Removed a mistaken parameter from the API. This API has no request parameters.
Configuration Parameters for AppViz Updated
These AppViz configuration parameters have been added at the request of AppViz:
Relocate device API, where to find UUID and use it
Clarification of UUID description.
Updated Remove devices page
Updated explanation of where to get DeviceID parameter value.
RAID config added to docs
Tech docs page Prepare an AlgoSec hardware appliance specs list was updated with additional items.