Forum SENTRY, Quick Start Manual

Page 1: ...Forum Sentry Quick Start Guide 1 FORUM SENTRY API SECURITY GATEWAY QUICK START GUIDE V8 9 ...

Page 2: ...ec WebAdmin Forum Systems XML Security Appliance Forum Sentry Forum Presidio Forum XWall Forum Sentry Web Services Gateway Forum Presidio OpenPGP Gateway Forum FIA Gateway Forum XWall Type PCI Forum XWall Web Services Firewall and Forum XRay are trademarks and registered trademarks of Forum Systems Inc All other products are trademarks or registered trademarks of their respective companies Copyrig...

Page 3: ...e WSDL Policy 10 3 Reviewing the WSDL Policy and Enable WSDL Access 11 4 Review the Associated Network Policies 12 IV Testing the Sentry WSDL Policy 13 1 Obtaining SOAPSonar from Crosscheck Networks 13 2 Loading the WSDL into SOAPSonar 13 3 Sending a Request to the Sentry WSDL Policy 15 4 Reviewing Transactions in the Sentry System Log 16 V Deploying a REST API Building a REST Policy 18 1 Creating...

Page 4: ...on for Forum Systems Support II Requirements and Installation 1 Minimum Requirements Software The following are minimum requirements for the Sentry software instances only Operating System Requirements Windows 2000 XP 2003 Vista 2008 7 2012 2012 R2 8 10 Linux running on a 2 4 or later kernel Linux 64bit Solaris x86 10 Minimum Hardware Requirements 1GHz CPU 40GB Hard drive 2GB Ram Virtual Appliance...

Page 5: ...re instances can also be used for upgrading the software instances Installing on Windows 1 Navigate your file system and click on the downloaded installation package 2 The installation package Introduction screen will appear Click Next 3 The License Agreement screen appears 4 Read the product License Agreement terms and conditions To accept the License Agreement check the I accept the terms of the...

Page 6: ...lable at https helpdesk forumsys com 3 Forum Sentry Virtual Appliance Installation Procedures The Forum Sentry virtual appliances run the FIPS certified ForumOS operating system Sentry virtual appliances run within VMware infrastructure An OVA file from Forum Systems is required to install and run the Sentry virtual appliance Some general instructions are included below For detailed installation s...

Page 7: ...rk is properly segmented and that no machines that can access the MGMT network can access the WAN or LAN networks otherwise you will be creating a network loop and can experience network issues The steps below provide a quick outline of installation procedure For detailed instructions and for more details on the networking options please see the Sentry Hardware Installation Guide and if you have a...

Page 8: ...a Browser Access the Sentry WebAdmin interface via browser using the syntax https ip_or_dns_name 5050 You will be prompted for a license see section 6 below After applying a license you are prompted to create a new Admin account After creating the Admin account you are logged into the WebAdmin SSH into the instance using the same IP or DNS name used to access the WebAdmin interface using the Admin...

Page 9: ...you still cannot access the page ensure there are no local firewalls preventing this communication You may also need to adjust your browser s proxy settings and verify that port 5050 is bound and active using netstat After you have created the new administrator user you are logged into the WebAdmin interface The default page is the Getting Started page III Deploying a SOAP API Creating a WSDL Poli...

Page 10: ...rface and navigate to the Gateway Gateway Policies WSDL Policies page 2 Click New to create a new WSDL Policy A WSDL can be loaded via File URL from a UDDI or from an existing WSDL Library 3 The WSDL Policy name will be auto generated based on the URI or Filename fields Once you have chosen your method of importing the WSDL click Next 2 Creating the WSDL Policy 1 On the next screen you will create...

Page 11: ...er receiving the incoming request and performing the IDP scan schema validation and any task processing defined in Sentry The Send to remote server option should be enabled if you want to use this policy in proxy mode send the processed request to a back end service Disable this option if you want to use this policy in service mode the processed request is sent immediately back to the client nothi...

Page 12: ...qaservice qaservice asmx Use this URI to retrieve the WSDL http 192 168 0 14 80 qaservice qaservice asmx WSDL Enter this link into a web browser and verify that the WSDL document is shown This is the newly generated WSDL document from Forum Sentry and will have the Sentry listener policy endpoints as the service port locations such that clients will communicate directly with Sentry as the service ...

Page 13: ...ent IV Testing the Sentry WSDL Policy After creating a WSDL Policy on Sentry administrators will want to test the policy We recommend using the free edition of the SOAPSonar Service Testing tool from Crosscheck Networks to generate the SOAP messages to test the Sentry policies For assistance with SOAPSonar please contact support crosschecknet com 1 Obtaining SOAPSonar from Crosscheck Networks 1 Yo...

Page 14: ...ion to open the default test case that was generated 3 Under Project Tree on the left expand out to see a test case You ll see the Request window open showing the Schema Fields view This allows you to easily enter data for each element of the SOAP request being generated Click on the XML tab to see the auto generated SOAP message from the schema field values provided ...

Page 15: ...o the Sentry WSDL Policy 1 Enter some request data and click the icon to commit the settings Then click the icon to send the request to the Sentry WSDL Policy 2 The response message should show up on the Response tab either below the request window or next to it This is the response message that is coming back from Sentry If the processing is successful on Sentry the request will go from Sentry to...

Page 16: ...try System Log To review or troubleshoot transactions processed by Sentry you will review the Sentry System Log 1 In the WebAdmin interface go to the Diagnostics Logging Settings page 2 Set the System Log Logging Level to DEBUG for testing purposes only 3 Send another request from SOAPSonar to Sentry 4 Access the Sentry System log on the Diagnostics Logging Internal Logs page Select the Today log ...

Page 17: ...r you send a request click the Session ID to show only the log messages for that transaction Then scroll to the bottom to see the first log message Document entered communications layer 7 Going up from there you ll see the incoming request headers the actual request itself and all processing Sentry performs on the request 8 When you see the Sending remote server a processed request message this in...

Page 18: ...the port number The remote policy is the actual endpoint for the service This is where Sentry will send the processed request after receiving the incoming request and performing the Access Control IDP scan schema validation and any task processing defined in Sentry The Send to remote server option should be enabled if you want to use this policy in proxy mode send the processed request to a back e...

Page 19: ... Network Policies page of the WebAdmin interface Here you will see the HTTP Listener and HTTP Remote policies generated while creating the REST Policy A Listener Policy can be of many different protocol types including HTTP FTP MQ EMS sFTP and more A listener policy does the following Defines the IP and Port and the Protocol HTTP HTTPS etc Defines Get Queue to listen for inbound messages MQ EMS JM...

Page 20: ...Lists Task Management Guide 5 Using XML Policies for non SOAP based services XML REST HTML XML Policies Guide 2 Contacting Forum Systems Support Online Helpdesk create support tickets access forums docs FAQs https helpdesk forumsys com Email Support support forumsys com Phone Support 1 781 791 7510 option 2 3 Forum Sentry Documentation Full Sentry Documentation also available through the WebAdmin ...