Opinnate

                                                                                                                                                                                                                                              Blog  Support

OPINNATE POC GUIDELINE V3.2.0

Requirements

  1. This product is to be installed on a virtual server having system requirements as follows:
  • 32 Gb RAM
  • 8 core CPU
  • 100GB Disk (For Collector 500GB)
  • Ubuntu v18 or higher
  • Docker Engine installed
  • Docker compose installed
  1. On firewalls where POC is planned a user account having administrative rights needs to be created.
  1. Network access from the server to the related firewalls and their related L3 switch components must also be given on the following service ports:
  • TCP/22: for switches/routers
  • TCP/80
  • TCP/443
  • ICMP
  • Any other port that may be needed to access if non-standard ports are used.
  1. Syslog traffic to the related syslog server must be allowed from the manager.
  2. For Collector: Syslog traffic to the related server needs to be configured and firewall access be given if required.
  1. SMTP reach to the related mail server needs to be configured and firewall access be given if required.
  1. LDAP/s access to the internal directory server needs to be given on firewalls.
  1. Radius access to internal AAA servers needs to be given on firewalls and the necessary configuration be done if the preferred remote authentication is Radius.

Detailed installation steps can be found on Opinnate Installation Guide v3.2.0 documentation.

POC Checklist

The following list contains the items that would be tested during the POC process.

#Task NamePlatformTest Condition and Details
1New admin user creationGlobalA new local username will be created with one of the predefined admin profiles
2LDAP/Radius IntegrationGlobalLDAP credentials will be configured on the system and new LDAP user be created with one of the predefined admin profiles
3Admin Profiles Add/EditGlobalNew admin profile will be created having the RW right for firewall operation RO right for admin profiles and users
4Syslog server configurationGlobalA Syslog server will be created to send system log messages.
5Collector integrationGlobalCollector IP address with the port 8081 must be configured on Collector menu
6Auto RenewGlobalAuto renew must be enabled and the period must be chosen to refresh all firewall data
7Device User Profile configurationVirtual AreaNew device user profile to be created with the predefined information that is created on firewalls
8Device integrationVirtual AreaNew device will be configured and added with necessary fields
9Device LDAP Integration additionVirtual AreaNew LDAP integration to be added for user-based rule creation
10Device LDAP SSO Relation additionVirtual AreaRelation between devices and domains to be defined to create a user-based rule on the related devices
11Environmental settings configurationVirtual AreaCorporate DNS server, PCI-DSS subnets, etc. be configured as needed
12SMTP add (Notification)Virtual AreaFor mail integration SMTP server details will be configured
13Rule Viewer FilteringVirtual AreaApply a filter based on source IP, destination IP and schedule information
14Rule Viewer Save FilterVirtual AreaSave a filter created and reload it afterwards
15Rule Card CustomizationVirtual AreaChange the required fields to be shown for a vendor rule card
16Rule ExportVirtual AreaBased on the filter applied export the rules via pdf report
17Risk Acceptance for a Critical/Risky/Conflicting RuleVirtual AreaSelect a risky, permissive critical or conflicting rule to accept the related risk for that rule and give a reason
18Rule UpdateVirtual AreaSelect a rule and change the necessary fields of that rule and see the result afterwards
19Assigning Rule Owner for a RuleVirtual AreaSelect a rule and assign a rule owner for that rule
20Object Viewer filteringVirtual AreaSearch for any object and filter the related rules
21Object Viewer – Name ChangeVirtual AreaChoose the object name to be changed and using the edit button define the new one
22Object Viewer – IP ChangeVirtual AreaChoose the object IP to be changed and using the edit button define the new one
23Group Object Viewer – RenameVirtual AreaChange the name of the group object
24Group Object Viewer – AppendVirtual AreaA new IP address must be added to a group
25Group Object Viewer – RemoveVirtual AreaAn Ip address must be removed from a group
26Rule Checker – Topology BasedVirtual AreaFind out if there is access between any two IP address on a specified port
27Rule Checker – Non-RoutedVirtual AreaFind out if there is access between any two IP address on a specified port on the selected firewalls
28Topology Find IPVirtual AreaWrite down any IP address on the related field to see where the IP address is located
29Topology Find PathVirtual AreaUsing the search field give source and destination IP information and click on Find Path
30Topology Rule CheckerVirtual AreaOn the search field give service information in addition to IP and click on Rule Check
31Report SettingsVirtual AreaChange the logo or the fields related with portrait or landscape orientation
32Report ExportVirtual AreaChoose PCI based reporting and choose the devices and click generate report button
33Disable PolicyVirtual AreaDisable any chosen policy from rule viewer and using the edit function on rule viewer disable it
34Enable PolicyVirtual AreaEnable any chosen disabled policy from rule viewer and using edit function on rule viewer enable it
35Delete PolicyVirtual AreaDelete any chosen disabled policy from rule viewer and using edit function on rule viewer delete it
36Corporate PolicyVirtual Area4 different network roles be defined and relations between this roles be defined on Security Policy matrix
37Add New Rule RequestVirtual AreaCreate a new rule request using the source IP, destination IP and service information
38Add New Rule Path Free RequestVirtual AreaCreate a new rule request using the source IP, destination IP and service information and also choose the device from the list that action be applied
39Add New Rule Request (User Based)Virtual AreaCreate a new rule request using the source IP, destination IP, domain, user and service information
40Add New Rule Path Free Request (User Based)Virtual AreaCreate a new rule request using the source IP, destination IP, domain, user and service information and also choose the device from the list that action be applied
41Server Cloning (Same Network)Virtual AreaCreate a new request for a new IP on the same subnet
42Server Cloning (Diff Network)Virtual AreaCreate a new request for a new IP on a different subnet
43Server Cloning Path-freeVirtual AreaCreate a new request for a new IP on the same subnet
44Optimize – ShadowVirtual AreaChoose the devices that shadow policies to be found and check the related rules
45Optimize – ExpiredVirtual AreaChoose the devices that expired policies to be found and check the related rules
46Optimize – UnusedVirtual AreaChoose the devices that unused policies to be found and check the related rules
47Optimize – Clean DisableVirtual AreaChoose the devices that clean disable policies to be found and check the related rules
48Optimize – Remove DuplicatesVirtual AreaFind objects having the same IP address or network on each firewall and make it singularized
49Optimize DecommissionVirtual AreaChoose IP/s to be removed from the firewalls and check the related rules
50Usage AnalysisVirtual AreaCreate a new task for a rule that is to be made more specific based on the usage data
51Revision CompareVirtual AreaFind out the changes made on firewalls between two revisions by choosing topic, firewalls and the revisions
52Alert ComposerVirtual AreaDefine an alert for revision compare or critical rule creation
53Group Base New GroupVirtual AreaCreate a new group and define its members
54Group Base New PolicyVirtual AreaCreate a new group-based rule request with necessary source IP, destination IP and service fields
55Group Base Ip Add to GroupVirtual AreaAdding a new IP address to a group request
56Group Rule ViewerVirtual AreaFind all groups-based rule information here. Apply a filter for a specific group

Powered by BetterDocs