- This product is to be installed on a virtual server having system requirements as follows:
- 32 Gb RAM
- 8 core CPU
- 100GB Disk (For Collector 500GB)
- Ubuntu v18 or higher
- Docker Engine installed
- Docker compose installed
- On firewalls where POC is planned a user account having administrative rights needs to be created.
- Network access from the server to the related firewalls and their related L3 switch components must also be given on the following service ports:
- TCP/22: for switches/routers
- TCP/80
- TCP/443
- ICMP
- Any other port that may be needed to access if non-standard ports are used.
- Syslog traffic to the related syslog server must be allowed from the manager.
- For Collector: Syslog traffic to the related server needs to be configured and firewall access be given if required.
- SMTP reach to the related mail server needs to be configured and firewall access be given if required.
- LDAP/s access to the internal directory server needs to be given on firewalls.
- Radius access to internal AAA servers needs to be given on firewalls and the necessary configuration be done if the preferred remote authentication is Radius.
Detailed installation steps can be found on Opinnate Installation Guide v3.2.0 documentation.
POC Checklist
The following list contains the items that would be tested during the POC process.
# | Task Name | Platform | Test Condition and Details |
1 | New admin user creation | Global | A new local username will be created with one of the predefined admin profiles |
2 | LDAP/Radius Integration | Global | LDAP credentials will be configured on the system and new LDAP user be created with one of the predefined admin profiles |
3 | Admin Profiles Add/Edit | Global | New admin profile will be created having the RW right for firewall operation RO right for admin profiles and users |
4 | Syslog server configuration | Global | A Syslog server will be created to send system log messages. |
5 | Collector integration | Global | Collector IP address with the port 8081 must be configured on Collector menu |
6 | Auto Renew | Global | Auto renew must be enabled and the period must be chosen to refresh all firewall data |
7 | Device User Profile configuration | Virtual Area | New device user profile to be created with the predefined information that is created on firewalls |
8 | Device integration | Virtual Area | New device will be configured and added with necessary fields |
9 | Device LDAP Integration addition | Virtual Area | New LDAP integration to be added for user-based rule creation |
10 | Device LDAP SSO Relation addition | Virtual Area | Relation between devices and domains to be defined to create a user-based rule on the related devices |
11 | Environmental settings configuration | Virtual Area | Corporate DNS server, PCI-DSS subnets, etc. be configured as needed |
12 | SMTP add (Notification) | Virtual Area | For mail integration SMTP server details will be configured |
13 | Rule Viewer Filtering | Virtual Area | Apply a filter based on source IP, destination IP and schedule information |
14 | Rule Viewer Save Filter | Virtual Area | Save a filter created and reload it afterwards |
15 | Rule Card Customization | Virtual Area | Change the required fields to be shown for a vendor rule card |
16 | Rule Export | Virtual Area | Based on the filter applied export the rules via pdf report |
17 | Risk Acceptance for a Critical/Risky/Conflicting Rule | Virtual Area | Select a risky, permissive critical or conflicting rule to accept the related risk for that rule and give a reason |
18 | Rule Update | Virtual Area | Select a rule and change the necessary fields of that rule and see the result afterwards |
19 | Assigning Rule Owner for a Rule | Virtual Area | Select a rule and assign a rule owner for that rule |
20 | Object Viewer filtering | Virtual Area | Search for any object and filter the related rules |
21 | Object Viewer – Name Change | Virtual Area | Choose the object name to be changed and using the edit button define the new one |
22 | Object Viewer – IP Change | Virtual Area | Choose the object IP to be changed and using the edit button define the new one |
23 | Group Object Viewer – Rename | Virtual Area | Change the name of the group object |
24 | Group Object Viewer – Append | Virtual Area | A new IP address must be added to a group |
25 | Group Object Viewer – Remove | Virtual Area | An Ip address must be removed from a group |
26 | Rule Checker – Topology Based | Virtual Area | Find out if there is access between any two IP address on a specified port |
27 | Rule Checker – Non-Routed | Virtual Area | Find out if there is access between any two IP address on a specified port on the selected firewalls |
28 | Topology Find IP | Virtual Area | Write down any IP address on the related field to see where the IP address is located |
29 | Topology Find Path | Virtual Area | Using the search field give source and destination IP information and click on Find Path |
30 | Topology Rule Checker | Virtual Area | On the search field give service information in addition to IP and click on Rule Check |
31 | Report Settings | Virtual Area | Change the logo or the fields related with portrait or landscape orientation |
32 | Report Export | Virtual Area | Choose PCI based reporting and choose the devices and click generate report button |
33 | Disable Policy | Virtual Area | Disable any chosen policy from rule viewer and using the edit function on rule viewer disable it |
34 | Enable Policy | Virtual Area | Enable any chosen disabled policy from rule viewer and using edit function on rule viewer enable it |
35 | Delete Policy | Virtual Area | Delete any chosen disabled policy from rule viewer and using edit function on rule viewer delete it |
36 | Corporate Policy | Virtual Area | 4 different network roles be defined and relations between this roles be defined on Security Policy matrix |
37 | Add New Rule Request | Virtual Area | Create a new rule request using the source IP, destination IP and service information |
38 | Add New Rule Path Free Request | Virtual Area | Create a new rule request using the source IP, destination IP and service information and also choose the device from the list that action be applied |
39 | Add New Rule Request (User Based) | Virtual Area | Create a new rule request using the source IP, destination IP, domain, user and service information |
40 | Add New Rule Path Free Request (User Based) | Virtual Area | Create a new rule request using the source IP, destination IP, domain, user and service information and also choose the device from the list that action be applied |
41 | Server Cloning (Same Network) | Virtual Area | Create a new request for a new IP on the same subnet |
42 | Server Cloning (Diff Network) | Virtual Area | Create a new request for a new IP on a different subnet |
43 | Server Cloning Path-free | Virtual Area | Create a new request for a new IP on the same subnet |
44 | Optimize – Shadow | Virtual Area | Choose the devices that shadow policies to be found and check the related rules |
45 | Optimize – Expired | Virtual Area | Choose the devices that expired policies to be found and check the related rules |
46 | Optimize – Unused | Virtual Area | Choose the devices that unused policies to be found and check the related rules |
47 | Optimize – Clean Disable | Virtual Area | Choose the devices that clean disable policies to be found and check the related rules |
48 | Optimize – Remove Duplicates | Virtual Area | Find objects having the same IP address or network on each firewall and make it singularized |
49 | Optimize Decommission | Virtual Area | Choose IP/s to be removed from the firewalls and check the related rules |
50 | Usage Analysis | Virtual Area | Create a new task for a rule that is to be made more specific based on the usage data |
51 | Revision Compare | Virtual Area | Find out the changes made on firewalls between two revisions by choosing topic, firewalls and the revisions |
52 | Alert Composer | Virtual Area | Define an alert for revision compare or critical rule creation |
53 | Group Base New Group | Virtual Area | Create a new group and define its members |
54 | Group Base New Policy | Virtual Area | Create a new group-based rule request with necessary source IP, destination IP and service fields |
55 | Group Base Ip Add to Group | Virtual Area | Adding a new IP address to a group request |
56 | Group Rule Viewer | Virtual Area | Find all groups-based rule information here. Apply a filter for a specific group |