2. Watchguard
  3. Enterprise Security Manager

Watchguard Enterprise Security Manager User guide

  • Hello! I am an AI chatbot trained to assist you with the Watchguard Enterprise Security Manager User guide. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
1
UserGuide,Release0.9
2
ESM Support Team ([email protected])
Release 0.9
Copyright © WatchGuard Technologies 2016. All rights reserved.
This document is for informational purposes only. WatchGuard makes no
warranties, expressed or implied, as to the information in this document. The name
of any companies and products referenced may represent trademarks that are
herein property of their respective owners.
3
RevisionHistory
Date Version Description
7/6/2016 0.9 (rev-1) User guide created for release 0.9
4
TableofContents
1 EnterpriseSecurityManager 8
1.1 WhatisEnterpriseSecurity Manager? 8
1.1.1 Features 8
1.1.2 OperationalPrinciples 8
2 InstallationProcedure 9
2.1 ImportOVAFile 9
2.2 ConfiguringNetworkInterface 12
3 ESMUserInterface 13
3.1 Introduction 13
3.2 ESMWebInterface 13
3.2.1 NavigationPane 14
3.2.2
UserPane 15
3.2.3 ViewPane 15
3.3 EnterpriseSecurityManagerGeneralControls 15
3.3.1 Login 15
3.3.2 Logout 16
3.3.3 ChangeUserSettings 16
3.3.4 ForgottenPassword 18
3.3.5 SystemBusy 21
3.3.6 DisplayFeatures 21
3.3.6.1
FilteringbyColumnFilters 21
3.3.6.2
ListPagination 22
3.3.6.3
Search 23
3.3.6.4
ExpandforDetails 25
3.3.7 Edit/ChangeConfirmation 26
4 UserRoles 27
4.1 AdministratorRole 27
4.1.1 HostSensorRegistrations 28
4.1.2 Settings 28
4.1.2.1
Authentication 28
4.1.2.2
Email 30
4.1.2.3
General 31
4.1.2.4
ManagerConfiguration 32
4.1.3 Users 32
4.1.3.1
AddaUser 33
4.1.3.2
DeleteaUser 34
4.1.3.3
ModifyaUser 34
4.1.4 System 35
5
4.1.4.1
AuditLog 35
4.1.4.2
ExportAuditLogData 36
4.1.4.3
PurgeAuditLogData 37
4.2 Operator 38
4.2.1 System 38
4.2.1.1
AuditLog 38
5 ManagerConfiguration 39
5.1 Overview 39
5.2 HostSensorPollingforManagerConfiguration 41
5.3 AddingaManager 42
5.4 ModifyingaManager 43
5.5 DeletingaManager 44
5.6 AddingIPRangestoaManager 45
5.7 EditingIPRangesforaManager 47
5.8 DeletingIPRanges
foraManager 48
5.9 FindingWhichManagerCoversanIPAddress 49
6 HostSensorRegistrations 50
6.1 Overview 50
6.2 HostSensorRegistrationDetails 51
6.3 InstallingHostSensorstoRegistertoESM 52
7 SupportedOperatingSystems 53
8 Glossary 54
9 AppendixAOpenSource 55
6
TableofFigures
Figure 1: Enterprise Security Manager Web Interface ................................................................ 13
Figure 2: Enterprise Security Manager default page with pane collapsed .................................. 14
Figure 3: Settings Menu expanded ............................................................................................. 15
Figure 4: Settings and System Menus Expanded ....................................................................... 15
Figure 5: User Login page .......................................................................................................... 16
Figure 6: User Settings page ...................................................................................................... 17
Figure 7: Unsaved Changes prompt ........................................................................................... 17
Figure 8: Login Screen ................................................................................................................ 18
Figure 9: Forgot Password Email Confirmation Screen .............................................................. 18
Figure 10: Forgot Password Reset page .................................................................................... 19
Figure 11: Password Reset Confirmation Email Example .......................................................... 19
Figure 12: New Password Screen .............................................................................................. 20
Figure 13: Login page with password reset confirmation message ............................................ 20
Figure 14: System Busy Icon ...................................................................................................... 21
Figure 15: Display Filter Selection Example ............................................................................... 21
Figure 16: Pagination Example ................................................................................................... 22
Figure 17: Drop-down list of pages ............................................................................................. 22
Figure 18: Number of Items per page selections ........................................................................ 23
Figure 19: Search example with help text ................................................................................... 23
Figure 20: Search example with IP address filled in ................................................................... 24
Figure 21: List of Manager Configurations .................................................................................. 25
Figure 22: Details of the IP ranges covered by the East Region Manager ................................. 25
Figure 23: Edit/Change Confirmation display ............................................................................. 26
Figure 24: Administrator Default Screen ..................................................................................... 27
Figure 25: Microsoft Active Directory Authentication window ..................................................... 28
Figure 26: Add Authentication Service Dialog ............................................................................ 29
Figure 27: Authentication Settings after two servers added ....................................................... 29
Figure 28: Microsoft Active Directory Sync Results Confirmation ............................................... 30
Figure 29: Admin settings for email ............................................................................................ 31
Figure 30: Send Test Email window ........................................................................................... 31
Figure 31: General Settings ........................................................................................................ 31
Figure 32: Manager Configuration Example ............................................................................... 32
Figure 33: User Management ..................................................................................................... 32
Figure 34: Add User Example Screen ........................................................................................ 33
Figure 35: User drop-down menu for Remove User ................................................................... 34
Figure 36: User Deletion Confirmation Screen ........................................................................... 34
Figure 37: User Modification Screen ........................................................................................... 34
Figure 38: Change Password Screen ......................................................................................... 35
Figure 39: Audit Log view pane .................................................................................................. 36
Figure 40: Manager Setting Changed ......................................................................................... 36
7
Figure 41: Audit Log Setting Modified ......................................................................................... 36
Figure 42: Audit Log Purged view pane ...................................................................................... 37
Figure 43: Operator Dashboard Screen ...................................................................................... 38
Figure 44: Example Manager Configuration ............................................................................... 39
Figure 45: Manager Configuration Columns ............................................................................... 40
Figure 46: Add Manager Example Screen .................................................................................. 42
Figure 47: Edit or Remove Manager ........................................................................................... 43
Figure 48: Edit Manager Pane .................................................................................................... 43
Figure 49: Manager Deletion Confirmation ................................................................................. 44
Figure 50: Manager Deletion Second Confirmation .................................................................... 44
Figure 51: Manager Deletion Failure Message ........................................................................... 44
Figure 52: Initial IP Range pane for a Manager .......................................................................... 45
Figure 53: Add IP Range form .................................................................................................... 45
Figure 54: Manager Details with IP Range data ......................................................................... 47
Figure 55: IP Range edit form ..................................................................................................... 47
Figure 56: Remove Mapping ....................................................................................................... 48
Figure 57: Remove Mapping Confirmation ................................................................................. 48
Figure 58: Remove Mapping Second Confirmation .................................................................... 48
Figure 59: Search Managers by Covered Host IP address ........................................................ 49
Figure 60: Search Managers by Covered Host IP address for 192.168.49.100 ......................... 49
Figure 61: Host Sensor Registration Overview ........................................................................... 50
Figure 62: Host Sensor Communications Details ....................................................................... 51
Figure 63: Server Supported Operating Systems ....................................................................... 53
Figure 64: Workstation Support Operating Systems ................................................................... 53
8
1 EnterpriseSecurityManager
1.1 WhatisEnterpriseSecurityManager?
This guide provides operational instructions and guidelines to allow a user to interact with
Enterprise Security Manager (ESM).
The Enterprise Security Manager allows commercial entities to configure networks containing
numerous Host Sensors across multiple HawkEye G instances. The ESM provides centralized
host registration management and allows a large number of Host Sensors to be load balanced
against multiple Hawkeye G instances.
1.1.1 Features
Features include:
Host Sensor configuration
HawkEye G failsafe configuration
Load balancing
1.1.2 OperationalPrinciples
Enterprise Security Manager simplifies an enterprise’s network security operations by enabling
customers with a large quantity of Host Sensors across multiple HawkEye G nodes to configure
the nature in which each Host Sensor connects to a node. By providing simple, broad-range
configurations and easy-to-map fail-safe backups, ESM ensures the customer’s network is
seamlessly configured and continuously connected.
9
2 InstallationProcedure
2.1 ImportOVAFile
1. Open VSphere Client
2. Click File -> “Deploy OVF Template”
3. Click Browse and Find the OVA file provided
4. Click “Next >”
5. Select the Name and Location of the new VM.
10
The screen shot below shows an ESX server not connected to vCenter. vCenter Installations
will require you to choose a folder location and other options
6. Click “Next >”
7. Select a Host/Cluster and storage.
11
8. Selection Provisioning Type
9. Click “Next >”
10. Change Network Mapping. The Source Network is “G Internal”, select a “Destination
Network” that corresponds to the information provided for the creation of the ESM OVA.
12
11. Click “Next >”
12. Click “Finish”
13. Power On virtual machine
2.2 ConfiguringNetworkInterface
Note: The steps below are not needed if the ESM OVA image was pre-configured.
1. In vSphere, Open a Console to the ESM Virtual Machine
2. Log In as root
3. Edit /etc/sysconfig/network-scripts/ifcfg-eth0, Set the IP_ADDR, NETMASK, DNS1 and
DNS2 appropriate to your network
4. Edit /etc/sysconfig/network, set GATEWAY to the gateway as the network that you have
assigned the Virtual Machine
5. Run Service Network Restart.
13
3 ESMUserInterface
3.1 Introduction
The Enterprise Security Manager User Interface, as shown in Figure 1, is accessed via a web
browser and is the mechanism by which a customer interacts with and manages ESM
components.
3.2 ESM WebInterface
The Enterprise Security Manager Web Interface is designed to be compatible with all common
web browsers and can be accessed by users who have been assigned the Administrator role
(NOTE: for ESM 0.9, the “operator” role exists, but it is non-functional. Please access ESM only
via the Administrator role).
The ESM Web Interface is comprised of three (3) panes, as shown in Figure 1:
Navigation Pane
User Pane
View Pane
Figure 1: Enterprise Security Manager Web Interface
These panes are described in the sections that follow, with each referring to the figure above.
14
3.2.1 NavigationPane
The Navigation pane (outlined in red in Figure 1) is located on the left side of the diagram. The
pane collapses and expands (Figure 2 shows the Navigation pane collapsed) by clicking the
button located above the pane.
The items available in the Navigation pane are shown below. To expand or collapse a menu
item, hold the cursor over the menu item name, such as Settings, as shown in Figure 3. The
Navigation sub-menus remain open until the user closes them, even if the user selects a new
menu item. Figure 4 shows both the Settings and System sub-menus expanded.
Host Sensor Registrations
Settings
Users System
Figure 2: Enterprise Security Manager default page with pane collapsed
15
Figure 3: Settings Menu expanded
Figure 4: Settings and System Menus
Expanded
3.2.2 UserPane
The User pane (outlined in blue in Figure 1) displays horizontally across the top of the window.
This pane only contains the Navigation menu button (referenced in the Navigation pane
section), a user settings menu in the top right (accessed via the button), and a logout link.
3.2.3 ViewPane
The View pane (outlined in green in Figure 1) occupies the remaining part of the window and
displays details for the item selected in the Navigation pane. The Host Sensor Registration
Dashboard is the default section displayed when first logging in to the ESM.
The display in the View pane is not dynamic but a static view of the system at the date/time
indicated on the top right below the User pane. The date/time is updated when the screen is
loaded (selected from the Navigation buttons on the left) or when the Refresh Now button is
clicked.
3.3 EnterpriseSecurityManagerGeneral
Controls
These sections describe the general controls for the Enterprise Security Manager User
Interface.
3.3.1 Login
The Web Interface can only be accessed via an HTTP/SSL connection. The Web Interface URL
is https://localhost:8443/esm/login. Once a user connects, the login page is displayed, as shown
in Figure 5. The version number is shown at the bottom of the login page (and the bottom of all
pages in the application).
16
The default login credentials are as follows:
User: admin
Password: admin
Figure 5: User Login page
After entering your credentials, click the Login button. Once logged in, the home page for the
Enterprise Security Manager Web Interface is displayed. (NOTE: On the first login of any newly
created user, you will go to a screen requiring you to enter a new password. This is also true of
the default “admin” user.)
3.3.2 Logout
To terminate a session, click the Logout button in the User Pane. You will then be returned to
the ESM login page.
3.3.3 ChangeUserSettings
User settings can be changed by selecting User Settings after clicking on the Expand
button to the right of your username. This will open the User Settings view pane as shown in
Figure 6. The user can change their full name, user name, email address, password, idle time,
and session time out.
The user can select the desired setting changes, enter the Current Password, and then click
Save. The ESM system recognizes that if the user changes some parameters in an entry
screen and then tries to navigate to another view without first saving, a confirmation window will
appear as shown in Figure 7.
17
Figure 6: User Settings page
Figure 7: Unsaved Changes prompt
18
3.3.4 ForgottenPassword
If the user forgets their password, they have the option to reset it via the Forgot your
password? link on the login screen (shown in Figure 8).
Figure 8: Login Screen
The user will be prompted to enter the email address that was registered when the user account
was created (as shown in Figure 9).
Note: ESM will warn you if the email address is not in a proper format and, as a security
measure against account enumeration, will not provide feedback as to whether the email
address exists in the ESM user database.
Figure 9: Forgot Password Email Confirmation Screen
19
Once a valid email address has been entered, the user will be presented the Password Reset
notification shown in Error! Reference source not found..
Figure 10: Forgot Password Reset page
The user will receive an email (Figure 11) with a one-time link to access the Password Reset
page shown in Figure 12.
Figure 11: Password Reset Confirmation Email Example
20
Figure 12: New Password Screen
Enter the new password in both fields and then click Submit.
Upon validation of the new password, the user will be redirected to a login page, which will
display a password reset confirmation message, as shown in Figure 13.
Figure 13: Login page with password reset confirmation message
/