Opinnate

                                                                                                                                                                                                                                              Blog  Support

Request Demo
Support Portal
Partner Portal
Request Demo
Support Portal
Partner Portal
Request Demo
opinnate logo
Support
Partner
Request
View Categories

Opinnate Installation Guide v5.1.0

Requirements

This product is suggested to be installed on a server with the mentioned Operating System, specs and necessary network settings as follows:

  1. System Requirements
  • 32 Gb RAM 
  • 8 core CPU
  • 300GB Disk (For Collector 500GB)
  • Ubuntu v20 or higher
  • Docker Engine installed 
  • Docker compose installed 

**These are average requirements and valid for all POCs.

  1. On firewalls where POC is planned a user account having administrative rights needs to be created. 
  1. Network access from the server to the related firewalls and their related L3 switch components must also be given on the following service ports:
  • TCP/22: for switches/routers
  • TCP/80
  • TCP/443
  • ICMP
  • Any other port that may be needed to access if non-standard ports are used.
  1. Syslog traffic to the related syslog server would be allowed from the Manager IP address UDP/514 for Opinnate internal logs.
  1. Syslog traffic from firewalls to the Collector needs to be configured and firewall access be given if required. UDP/514
  1. Manager to the related mail server needs to be configured and firewall access be given if required. It is generally TCP/25.
  1. Manager to LDAP access to the internal directory server needs to be given on firewalls. It is TCP/389 or TCP/636
  1. Radius access to internal AAA servers needs to be given for Manager on firewalls and the necessary configuration be done if the preferred remote authentication is Radius.
  1. Manager to Collector: TCP/8081, TCP/5000 for internal communication
  1. Collector to Manager: TCP/3306 for internal communication
  1. Admins to Manager: TCP/443, TCP/22 for management access
  1. Admins to Collector: TCP/5000, TCP/22 for management access

Installation Steps

ISO-based Installation

A single ISO image file will be downloaded from support portal: support.opinnate.com.

Using this image file both Manager and Collector installations can be made

Here are the steps and screenshot for this installation:

When the server is booted from ISO file, there will be a screen showing up asking if Manager or Collector installation to be made.

After the related selection necessary IP address and DNS settings will be made. 

Docker-based Installation

  1. Docker Engine Installation (if not installed already)
  2. Docker Compose Installation (if not installed already)
  3. Downloading files
  4. Running script

Step-by-Step Instructions

  1. Docker Engine and Docker Compose Installation 

You can also follow the instructions from docker website:

Docker engine installation : https://docs.docker.com/engine/install/ubuntu/

Docker compose installation: https://docs.docker.com/compose/install/linux/#install-using-the-repository

 // Uninstall old version

sudo apt-get remove docker docker-engine docker.io containerd runc

// Update apt package

sudo apt-get update

sudo apt-get install \

    ca-certificates \

    curl \

    gnupg

// Add docker official GPG key

sudo install -m 0755 -d /etc/apt/keyrings

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg –dearmor -o /etc/apt/keyrings/docker.gpg

sudo chmod a+r /etc/apt/keyrings/docker.gpg

// Use the following command to set up the repository

echo \

  “deb [arch=”$(dpkg –print-architecture)” signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \

  “$(. /etc/os-release && echo “$VERSION_CODENAME”)” stable” | \

  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

// Update the apt package index

sudo apt-get update

// Install docker engine and docker compose

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

// Check if it is ok.

Sudo docker run hello-world

  1. Downloading files

Following are the files needed:

  • several .tar files that are containing Opinnate Docker images,
  • a docker-compose.yml file,
  • run.sh file that is a bash script to load the Docker images and run the compose file.

Extract the contents of the compressed file, preferably to /srv/opinnate directory.

Execute the bash script with sudo privileges.

  1. Running Script
  • sudo bash run.sh

Script will import the docker images and run docker-compose file. 

Access Opinnate application in https://localhost:443 or in https://<ip of the device that the app is running on>:443 from any other machine.

Default username and password of the system is admin for the username and opinnate for the password.

Upgrading from 4.2 release

  1. Opinnate will provide v5.1.1 Upgrade File(s). 
  2. Connect Opinnate Web UI via browser with HTTPS protocol. 
  3. There is “System Configuration / Upgrade” menu in “System” on left menu bar. 
  1. Select the upgrade zip file and click upgrade. 
  2. Then cloud/upload icon will appear on right/up corner and click on it. 
  3. The system will log you out after each upgrade process. 
  4. While upgrading, services will restart, Services can be controlled with “watch docker ps” from cli. 

Opinnate Collector Installation

Opinnate Collector installation is made on a separate server with the requirements mentioned before through the same installation steps using the same image file. It is important not to start this installation process before the Manager system installation and first-time data renewal is made. Once installed, syslog configuration can be made on Opinnate Manager after integrating with Collector. 

  1. Opinnate Manager Integration:

Integration with the Collector component can be made via Virtual Area/Settings/Device Integration/Collector menu. There is API integration between each component, so for the manager to connect to collector component the IP address must be given in the form IP Address:8081. Once it is added each firewall integrated to the related Virtual Area will be seen with the trusted IP field missing. For each firewall the related IP address used for sending syslog messages must be identified for rule usage to work. Starting from 5.1.1 release multiple Collector components for each Virtual Area is supported.

  1. Syslog Configuration on Firewalls:

Syslogs are collected on UDP port 514. For each firewall from which the syslog messages are collected must be configured for sending syslog messages. The related syslog configuration steps can be found on each firewall vendor administration guide for the related version. However, there are a couple of important items to remember for this integration.

  1. For Check Point firewalls the syslog format must be json
  2. For Fortinet firewalls the sender IP address for syslog messages must not be on the same network or broadcast domain with Collector.
  3. If there are firewalls or other L3 devices between the Collector and firewalls, the necessary configuration to give access to syslog messages must be made.
  4. For Palo Alto Firewalls the log format must be like the following. The configuration can be made on Syslog Server Profile > Custom Log Format > Config

$receive_time|$serial|$type|$subtype|$time_generated|$host|$vsys|$cmd|$admin|$client|$result|$path|$before-change-detail|$after-change-detail|$seqno|$dg_hier_level_1|$dg_hier_level_2|$dg_hier_level_3|$dg_hier_level_4|$vsys_name|$device_name

Finally, once every step is clear It would be better to check if the needed syslog messages are coming with the tcpdump command on Collector via connecting through SSH.

tcpdump -i any host “IP Address of firewall” port 514 

Opinnate Collector Upgrade

  1. Upgrade files for Opinnate Collector v3.2.1 will be provided. 
  2. Connect Opinnate Web UI via browser with HTTPS protocol. 
  3. There is “System Configuration / Upgrade” menu on “System” on left menu bar. 
  1. Select the collector which one or all planned to upgrade. 
  2. Select the upgrade zip file and click upgrade. 
  3. Then cloud/upload icon will appear on right/up corner and click on it. 
  4. While upgrading, services will restart, Services can be controlled with “watch docker ps” from cli. 

After Upgrade

  1. Check the remote authentication. 
  2. Provide Coupon Code for trial usage on Add-Ons (Opinnate Support). 
  3. Trigger manually Renew Data process. 
  4. Check the ssl connection from client to Opinnate Manager. 
  5. Check the Alert Composer Alerts if any of them could be triggered. 
  6. Check the SMTP Server connection with sending a test mail. 
  7. Check the connectivity between Manager and Collector. 
  8. Check the existence Unused Address & Unused Address Group Widget in Virtual Area Dashboard. 
  9. Create tasks for newly added Rule Usage types. 
  10. Export Rules Excel & PDF for testing. Export file will be generated in Compliance & Reporting > Export. 
  11. Check the Alerts under Alert & Notification Setting for existence and newly added, then enable Collector alarms if needed. 
  12. Create Debug File for checking.

Powered by BetterDocs