Skybox Securoty Appliance 5500, Quick Start Manual

Page 1: ...Skybox Appliance 5500 Quick Start Guide 8 5 400 Revision 11 ...

Page 2: ...eval system or transmitted in any form or by any means electronic mechanical photocopying recording or otherwise without the prior written permission of Skybox Security Skybox Skybox Security Skybox Firewall Assurance Skybox Network Assurance Skybox Vulnerability Control Skybox Threat Manager Skybox Change Manager Skybox Appliance 5500 6000 7000 8000 and the Skybox Security logo are either registe...

Page 3: ...kybox Appliance 12 System configuration 13 Configuring connection 13 Setting up the Appliance for configuration 15 First time configuration 15 Network naming schema in CentOS 7 16 What s next 16 Configuring the Appliance 18 Configuration and management options 18 Setting up SNMP configuration 20 Setting up network interface bonding 20 Supported bond modes 21 RADIUS authentication 22 Changing the T...

Page 4: ...ance to factory defaults 31 Monitoring SNMP 32 Troubleshooting 34 Change log 35 Wiping the hard disk drive 37 Regulatory and safety information 38 Product regulatory compliance 38 Safety compliance 38 EMC compliance Class A compliance 39 Environmental requirements 39 Product regulatory compliance markings 39 Electromagnetic compatibility notices for the server board 42 ...

Page 5: ...additional Skybox component the Collector which connects to data sources and imports the data to the Server The Skybox Server and Collector are preinstalled on Skybox Appliance and run at startup In this chapter Basic architecture 5 Related documentation 5 Basic architecture The Skybox platform consists of a 3 tiered architecture with a centralized server Skybox Server data collectors Skybox Colle...

Page 6: ...re included in the shipping carton Skybox Appliance 5500 Rack mount kit Front bezel AC power cord RJ45 to DB9 serial console cable Skybox Quick Start Guide 2 DVDs Skybox Installs Skybox on the Appliance it contains the Skybox software and additional Appliance documentation Restore Appliance Restores the Appliance to factory settings Physical specifications The physical features of Skybox Appliance...

Page 7: ...Compliant standards Ctick NRTL CE FCC EMC BSMI KC and more For detailed information see Regulatory and safety information on page 38 Environmental specifications Environmental specifications for Skybox are listed in the following table Property Limits Operating temperature 10 C to 35 C with the maximum rate of change not to exceed 10 C per hour Non operating temperature 40 C to 70 C Non operating ...

Page 8: ...lable through EPG Product Regulations MTBF estimates for Skybox Appliance The estimated mean time between failures MTBF and Failures in Time FIT for Skybox Appliance 5500 are listed in the following table Subassembly MTBF hours FIT failures 10 9 hours Intel Server Board S1200V3RPM 371523 2692 Backplane board 935180 1069 Power supply 450W MiniERPS 967300 1034 Cooling fan 1 fixed fans 490000 2041 Co...

Page 9: ...MI button recessed tool required for use C NIC 1 activity LED D NIC 3 activity LED E System cold reset button F System status LED G Power button with integrated LED H Hard drive activity LED I NIC 4 activity LED J NIC 2 activity LED Front panel LED functions LED Color state Description Power Sleep Green on Power on Green blinking Sleep Off Power off NIC LEDs Green on Network link but no network ac...

Page 10: ...s failure voltage power supply critical temperature and voltage Amber blinking Non Critical Alarm Redundant fan failure redundant power module failure non critical temperature and voltage Off Power off System unplugged Power on System powered off and in standby no prior degraded non critical critical state Back panel connectors Skybox Appliance 5500 s back panel includes the following connectors P...

Page 11: ...tem partitions Skybox Appliance s file system is partitioned as follows SWAP 4 GB tmp 5 of the entire space 20 of the entire space var 45 of the entire space opt The rest of the disk Note On machines with less than 200 GB of disk space Skybox is installed on a single partition ...

Page 12: ...munications lines connected to I O connectors or ports on the back of the chassis 4 Provide electrostatic discharge ESD protection by wearing an antistatic wrist strap attached to a chassis ground any unpainted metal surface when handling components Required tools and supplies Phillips cross head screwdriver 1 bit and 2 bit Recommended Antistatic wrist strap and conductive foam pad Installation To...

Page 13: ...the cable to a network socket 2 Connect a mouse keyboard and screen to the connectors on the Appliance s back panel 3 Log in to the Appliance using the default login root and the default password skyboxview 4 Run the command set_appliance_network this command configures network interfaces with an IP address netmask and default gateway a Select a network interface to configure b Select the IP mode ...

Page 14: ...config a 7 Open the network card config file using the vi editor The content will be similar to the following DHCP example NAME ens2f0 DEVICE ens2f0 IPV6INIT no ONBOOT yes HWADDR 00 1e 67 d4 7d 50 BOOTPROTO dhcp PEERDNS no Static IP address example NAME ens2f0 DEVICE ens2f0 IPV6INIT no ONBOOT yes HWADDR 00 1e 67 d4 7d 50 BOOTPROTO none IPADDR 192 168 80 132 NETMASK 255 255 254 0 GATEWAY 192 168 80...

Page 15: ...ybox Appliance Administration appears FIRST TIME CONFIGURATION You must configure the date and time and change the passwords before using the Skybox Server All other settings are optional and you can configure them later To configure the date and time 1 On the System tab select Date and Time Configuration 2 For manual date and time configuration a Select Manual Date and Time Configuration b Click ...

Page 16: ...nector of the hardware for example enp2s0 are applied if applicable Method 5 is used in all other cases 4 Names incorporating the interface s MAC address for example enx78e7d1ea46da are not used by default but are available if the user chooses 5 The traditional kernel naming scheme for example eth0 is used if all other methods fail What s next The Skybox Manager is the client application that comm...

Page 17: ...rotation are provided automatically when necessary as part of Skybox updates However when updates are provided you must restart the syslog server on the System tab disable the syslog server and then enable it again for it to start using the updates For information about customizing the syslog server see Customizing the syslog server on page 25 ...

Page 18: ...figuration options are described in the following tables About tab Pane Description System Information Provides information about Skybox configuration Network tab Note that changes to the configuration information made in this tab are only saved after you click Save Network Configuration Pane Description Network Configuration Summary Displays a summary of the Appliance configuration information Cl...

Page 19: ...u to change the name of the Appliance Change System Mode Toggles between Server mode where the Appliance functions as both Server and a Collector and Collector mode where the Appliance functions only as a Collector SNMP Select Enable SNMP Service to set up SNMP configuration host configuration and sending traps You can also download the Appliance MIBs For more information see Setting up SNMP confi...

Page 20: ...ly Community SNMPv1 or SNMPv2 community string Source Name or IP address subnet represented as IP MASK 10 10 10 0 255 255 255 0 IP BITS 10 10 10 0 24 Multiple sources must be comma separated On the Notification Traps tab Destination Name or IP address of the notification receiver traps server Traps Community SNMP community of the notification receiver traps server 4 When you are finished click Sav...

Page 21: ...ORTED BOND MODES The following bond modes are supported The recommended bond mode is active backup mode 0 balance rr Round robin policy Transmit packets in sequential order from the first available slave through the last This mode provides load balancing and fault tolerance mode 1 active backup Active backup policy Only one slave in the bond is active A different slave becomes active if and only i...

Page 22: ...es over the MAC address of the failed receiving slave Prerequisite Ethtool support in the base drivers for retrieving the speed of each slave mode 6 balance alb Adaptive load balancing includes balance tlb plus receive load balancing rlb for IPV4 traffic and does not require any special switch support The receive load balancing is achieved by ARP negotiation The bonding driver intercepts the ARP r...

Page 23: ... password stored on the RADIUS server for this user Changing the TLS version The Apache HTTP Server module mod_ssl provides an interface to the OpenSSL library which provides Strong Encryption using the Secure Sockets Layer and Transport Layer Security TLS protocols There are 3 possible configurations for TLS Default Security configuration for SSL All TLS versions are enabled High Security configu...

Page 24: ...A AES128 SHA256 ECDHE RSA AES256 SHA 4 Uncomment either High or Medium not both by deleting from the appropriate SSLProtocol SSLCipherSuite lines Note Do not uncomment the title line itself High Medium Security High Security configuration for SSL SSLProtocol all TLSv1 2 SSLCipherSuite EECDH AESGCM EDH AESGCM AES256 EECDH ECDHE RSA AES128 SHA DHE RSA AES128 GC M SHA256 AES256 EDH ECDHE RSA AES256 G...

Page 25: ...he logs stored When the syslog server is enabled new log files are stored in one of the following locations depending on the type of log var log syslog ng new var log firewall_assurance change_logs new The logs are kept for 48 hours in the new directory and are then archived for 3 more days in the parallel old directory var log syslog ng old var log firewall_assurance change_logs old What are the ...

Page 26: ...tory path of the files var log syslog ng new and var log firewall_assurance change_logs new Modules The scope of devices whose logs are to be imported In the Advanced tab The date format used by the device For Cisco and Juniper traffic events The positions of the Device ID and date in the log ...

Page 27: ...r 28 Manager system requirements The Skybox Manager is a Java client application that connects to the Skybox Server through port 8443 You can install multiple Managers on a single computer this is useful when connecting to Servers of different versions Operating system The following operating systems are supported for the Manager Windows 7 Windows 8 Windows 10 64bit only Windows Server 2012 Browse...

Page 28: ...nager communicates with the server over 8443 TCP by default If there is a firewall between the Manager and the Server access on this port should be explicitly permitted Upgrading the Manager In some cases the Manager installation file on the Appliance is outdated In this case you can download the new Manager installation file or you might receive it from Skybox Security s product support team to r...

Page 29: ..._ patch appliance_update Skybox_ patch appliance_update md5 2 Copy Skybox_ patch appliance_update to the Appliance server using Secure Copy Protocol SCP 3 Copy Skybox_ patch appliance_update md5 to the same directory using SCP 4 Connect to the Appliance server via SSH using root credentials 5 Navigate to the directory where the files were saved 6 Verify that the update file was copied without any ...

Page 30: ...u created the CSR c SSLCertificateChainFile must be the intermediate certificate file for example DomainCertCA crt 3 Save a backup of etc httpd conf d skybox conf and then open the file 4 In the file make the following changes replacing the sample file names here with the actual file names a ServerName skyboxapp ServerName www your domain org b SSLCertificateFile etc pki tls certs localhost crt et...

Page 31: ...ults 1 Insert the DVD in the DVD ROM drive 2 Reboot the Appliance 3 As soon as you see the Skybox Installation Menu window press any key Note If you do not press a key within several seconds the Appliance boots from the local drive 4 In the menu select Skybox Appliance Installation Note The restore process takes approximately 25 minutes 5 When the installation finishes proceed from System configur...

Page 32: ... 11 52 0 Percentages of idle CPU time 1 3 6 1 4 1 2021 11 11 0 Raw idle CPU time 1 3 6 1 4 1 2021 11 53 0 Raw nice CPU time 1 3 6 1 4 1 2021 11 51 0 Memory statistics Total swap size 1 3 6 1 4 1 2021 4 3 0 Available swap space 1 3 6 1 4 1 2021 4 4 0 Total RAM in machine 1 3 6 1 4 1 2021 4 5 0 Total RAM used 1 3 6 1 4 1 2021 4 6 0 Total RAM free 1 3 6 1 4 1 2021 4 11 0 Total RAM shared 1 3 6 1 4 1 ...

Page 33: ...6 52 46 49 46 49 57 55 54 56 46 49 Skybox Collector status 1 3 6 1 4 1 8072 1 3 2 3 1 4 19 49 46 51 46 54 46 49 46 52 46 49 46 49 57 55 54 56 46 50 Additional SNMP configuration For further SNMP configuration refer to The MIB files on the Appliance located at usr local snmpsa mibs The SNMP configuration file etc snmp snmpd conf ...

Page 34: ...et_appliance_details script from the CLI The following is a sample output of this script APPLIANCE_VERSION 8 5 103 7 1 11 CORES 2 MODE SERVER MODEL RAM 32014 MB SERIAL_NUMBER SKYBOXVIEW 8 0 513 Hardware issues Whenever there is a hardware issue on the Appliance usually indicated by the system status LED turning amber or blinking do the following 1 Run getlogs as the root user The diagnostic log fi...

Page 35: ... etc systemd system default target this is linked to the multi user target by default Traditional runlevels defined runlevel 0 runlevel 1 runlevel 2 runlevel 3 runlevel 4 runlevel 5 runlevel 6 The default runlevel is set in etc inittab Host name change In Red Hat Enterprise Linux 7 as part of the move to the new init system systemd the hostname variable is set in etc hostname In Red Hat Enterprise...

Page 36: ... and chkconfig commands to start stop and enable disable services respectively they are not 100 compatible with the RHEL 7 systemctl command according to Red Hat Use the service and chkconfig commands Start Service service start nfs or etc init d nfs start Enable Service To start with specific runlevel chkconfig level 3 5 nfs on Default firewall firewalld dynamic firewall The built in configuratio...

Page 37: ...t be required for example if you are sending the Appliance back to Skybox Security for replacement Caution This procedure wipes the HDD completely Afterwards it will not be bootable or function at all The following command overwrites all partitions master boot records and data dd if dev urandom of dev sda bs 1M Wiping the hard disk drive ...

Page 38: ...m systems test equipment and so on other than an ITE application will require further evaluation and may require additional regulatory approvals Note The use and or integration of telecommunication devices such as modems and or wireless devices have not been planned for with respect to these systems If there is any change of plan to use such devices then telecommunication type certifications will ...

Page 39: ...h worldwide regulatory requirements A Material Declaration Data Sheet is available for Intel products For more reference on material restrictions and compliance you can view Intel s Environmental Product Content Specification at http supplier intel com ehs environmental htm Europe European Directive 2002 95 EC Restriction of Hazardous Substances RoHS Threshold limits and banned substances are note...

Page 40: ...3 CLASS A GS Mark Germany VCCI Marking Class A Japan KC Mark Korean Communications Commission Korea GOST R Marking Russia Ukraine Certification Ukraine BSMI Certification RPC Number Class A Warning Taiwan FCC Marking Class A USA This device complies with Part 15 of the FCC Rules Operation of this device is subject to the following two conditions 1 This device may not cause harmful interference and...

Page 41: ...tion of Hazardous Substance RoHS Environmental Friendly Use Period Mark China Recycling Package Marks China Will be added on Package label Other Recycling Package Marks Internatio nal Will be added on Package label Battery Perchlorate Warning Information USA CA Perchlorate Material Special handling may apply See www dtsc ca gov hazardouswaste perchlorate This notice is required by California Code ...

Page 42: ...his equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmf...

Page 43: ...ation of this notice This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus set out in the interference causing equipment standard entitled Digital Apparatus ICES 003 of the Canadian Department of Communications Europe CE Declaration of Conformity This product has been tested in accordance to and complies with the Low Voltage Directive 73 23 EEC ...

Page 44: ...ense and Product 2 Certification No On RRL certificate Obtain certificate from local Intel representative 3 Name of Certification Recipient Intel Corporation 4 Date of Manufacturer Refer to date code on product 5 Manufacturer Nation Intel Corporation Refer to country of origin marked on product CNCA CCC China The CCC Certification Marking and EMC warning is located on the outside rear area of the ...