Opinnate

                                                                                                                                                                                                                                              Blog  Support

Request Demo
Support Portal
Partner Portal
Request Demo
Support Portal
Partner Portal
Request Demo
opinnate logo
Support
Partner
Request
View Categories

Opinnate Release Notes v5.1.0

  • Making risk assessment on firewalls
  • ISO27001 audit control
  • PCI audit control
  • NIST audit control

Effective management: Making policy management in an effective way requires management effectiveness. These are some of the items that are made for this management easiness and effectiveness:

  • Having virtualized multi-tenancy features
  • Corporate policy management/view/usage
  • Rule/object usage monitoring
  • Alerting on new problematic rule creation
  • Finding out firewall changes
  • Having executive dashboards
  • Firewall specific network topology view

Known Issues and Limitations

Integration vendors: Opinnate has integration with the leading firewall vendors. Palo Alto, Fortinet, Check Point, Cisco, Sophos, Vmware NSX, (Google, Amazon, Azure with 5.1)

Log collection: All syslog data is collected but just the traffic logs and event logs are investigated, and all traffic logs are stored in a special format for the last 30 days period.

Unused Rules: Unused rules are found based on the Last Used data we collect from firewalls. If there is an issue with this data generation unused rules cannot be identified. A ticket should be opened to the related firewall vendors if this is the case.

Clear text protocol usage on reporting: Clear-text protocol usage for admin access identification cannot be made for Check Point firewalls.

Panorama: If there is Panorama integration for Palo Alto firewalls the integration must be over Panorama.

Getting Started

This product is suggested to be used on a server with the mentioned Operating System and version:

  • Ubuntu v20 or higher
  • Docker Engine installed 
  • Docker compose installed 

Installation Steps

This is the summary of installation steps for v5.1. for docker based installation. Detailed installation options and steps can be found on the Installation Guide document.

  1. Docker Engine Installation: A Docker engine is to be installed on the system if not installed.
  2. Docker Compose Installation: Docker compose is to be installed if not installed.
  3. Downloading files: A zip file containing all docker image files, compose file and installation script file.
  4. Running script: Using the script file installation of the system.

Upgrade Process

These are the steps to upgrade for the customers that use 4.2.x release of Opinnate.

1. Before Upgrade

  1. Take Snapshot for both Manager and Collector components. 
  2. Find out local admin (or default admin) user and password. 
  3. Check the License. 
  4. Check the web connection providing with SSL certificate or not. 
  5. Take a control on Alert Composer. 
  6. Check the Collector and Trusted host. 
  7. Check the Firewall Connection. 
  8. Check the risk score.

2. Manager 

  1. Opinnate will provide v5.1.1 Upgrade File(s). 
  2. Connect Opinnate Web UI via browser with HTTPS protocol. 
  3. There is “System Configuration / Upgrade” menu on “System” on left menu bar. 
  1. Select the upgrade zip file and click upgrade. 
  2. Then cloud/upload icon will appear on right/up corner and click on it. 
  3. The system will log you out after each upgrade process. 
  4. While upgrading, services will restart, Services can be controlled with “watch docker ps” command from cli. 

3. Collector 

  1. Upgrade files for Opinnate Collector v3.2.1 will be provided. 
  2. Connect Opinnate Web UI via browser with HTTPS protocol. 
  3. There is “System Configuration / Upgrade” menu on “System” on left menu bar. 
  1. Select the collector which one or all planned to upgrade. 
  2. Select the upgrade zip file and click upgrade. 
  3. Then cloud/upload icon will appear on right/up corner and click on it. 
  4. While upgrading, services will restart, Services can be controlled with “watch docker ps” command from cli. 

4. Steps Required After Upgrade 

  1. Check the remote authentication. 
  2. Insert Coupon Code for trial usage on Add-Ons (Opinnate Support). 
  3. Trigger manually Renew Data process. 
  4. Check the SSL connection from client to Opinnate Manager. 
  5. Check the Alert Composer Alerts if any of them could be triggered. 
  6. Check the SMTP Server connection with sending a test mail. 
  7. Check the connectivity between Manager and Collector. 
  8. Check the existence Unused Address & Unused Address Group Widget in Virtual Area Dashboard. 
  9. Create tasks for newly added Rule Usage types. 
  10. Export Rules Excel & PDF for testing. Export file will be generated in Compliance & Reporting > Export. 
  11. Check the Alerts under Alert & Notification Setting for existence and newly added, then enable Collector alarms if needed. 
  12. Create Debug File for checking.

Updates and Changes

These are the new features added in 5.1.1 version.

Global:

  1. Opinnate Manager Auto Backup feature is added. 
  2. Opinnate Manager Backup Upload to External server option has been added. 
  3. Collector Upgrade option has been added in Global > System > System Configuration > Upgrade. 
  4. .pfx option has been added in Certificates. 
  5. Traffic Log storage can be edited in Global > System > Settings for Collector (Default 30 Days). 
  6. Login Banner option has been added in Global > System > Settings.

Analysis:

  1. Unused Addresses & Unused Address Groups widgets are added in Virtual Area Dashboard. 
  2. Added an IPsec VPN page under Firewall Dashboard. 
  3. Reference counts for objects are displayed on the Firewall Dashboard. 
  4. New Rules Filter Fields are added: 
  5. Accepted Explanation: Text Search option has been added in Risky, Permissive Critical and Policy Conflict Acceptance Explanation. 
  6. Source IP Count & Destination IP Count & Total IP Count: IP Count search has been added for source, destination or total. 
  7. Source Type & Destination Type: A search option has been added depending on the address type (IPMASK, IPRANGE, FQDN etc.). 
  8. Master Rule ID: Search shadowed rules by Master Rule ID. 
  9. Schedule:  
  • Next Days: Following Days from now. 
  • Days After: After <int> Days. 
  1. Address and address group references are now shown in separate sections: Rules, Address Groups, and NAT. 
  2. Security Policy Check feature has been added: Analysis can be made for Corporate Policy. 
  3. IP resolution support has been added for FQDN objects: 
  4. IP Details are shown in Rule Cards, Addresses, Address Groups for 

FQDN Objects. 

  1. User based check option has been added for Rule Check & Rule Check Path Free. 
  2. FQDN Objects and their IP Resolution are included in Rule Check. 
  3. Negate option has been added in Rule Check Analysis. 
  4. Rule Checker now shows deny rules. 
  5. New Rule Usage options have been added: 
  6. Only Source 
  7. Only Destination 
  8. Only Service 
  9. Only User: User Base Analysis has been added from traffic logs. 
  10. Only Application: Application Base Analysis has been added from traffic logs. 
  11. User Base: Results now show “User” instead of “Source”. 
  12. Application Base: Results now show “Application” instead of “Service. 
  13. Enabled running Rule Usage for a rule directly from the Rule Usage Task List on 

the rule card. 

  1. Rule/Custom Usage results are now orderable by hit count and additional fields 

inside of the task. 

  1. Cloud Firewalls are supported for analysis: 
  2. Microsoft Azure (NSG & Native Firewall) 
  3. Amazon Web Services (AWS – AWS Security Group & Native Firewall) 
  4. Google Cloud Platform (GCP) 

Notes: This release supports pulling rules from cloud platforms and running 

analysis. Syslog analysis, optimization, and automation are not included in this 

version. 

  1. Huawei L3 Switch / Router are supported. 
  2. Increased the Usage Task List limit from 10 to 20 tasks. 
  3. Audit Comment Field: Audit Comments for Fortinet and Palo Alto are now shown in the Custom Real-Time Rule Config Change alert. 
  4. Multiple Collector option has been added: Supporting for multiple Collectors to enable location-based segmentation and load distribution for firewall logs. 
  5. SMTPServer: Moved SMTP Configuration from Alert Notification Settings into a 

separate “SMTP Server” menu.  

  1. New Alerts added: 
  2. Collector Service Health Check: Checking connection between Manager and Collector. 
  3. Collector Log Receive Check: Checking Collector receive and process 

traffic logs for firewalls. 

  1. NetworkRolesCreation: Added support for assigning Network Roles from firewall interfaces and address groups. 
  2. Security Policy View Option: Added a list view option in addition to the matrix 

view for Security Policy. 

Reporting:

  1. Rule &Object Export no longer triggers a direct download. Exports are now 

created in Compliance & Reporting > Export. 

  1. CIS & NCA Report Template has been added in New Report. 

Automation

  1. FQDN Based Rule Create & Update option has been added: FQDN can be used in source or destination also can be used with IP Type. 
  2. Server Cloning architecture has been changed: 
  3. Improved analysis performance. 
  4. Added consolidation suggestions when an existing rule is detected 

during rule creation. 

  1. Zone based rule create option has been added to the new release for ease. If you don’t want to create rules with multiple interfaces/zones, disable ‘Multiple Interface’ under Device Settings. This allows rule creation in zone based format instead of interface.

Add-ons:

Application Visibility :

  1. Application: Applications can be defined with the following details: 
  • Whether it is behind a load balancer. 
  • Whether it provides a specific service. 
  • Which IPs it includes. 
  • Tagging information. 
  1. Application Map 
  • Application Map visualizes connections between configured applications and 

unclassified IPs (labeled “Other”) in both Map and List views. 

  • Application connections are now analyzed using traffic logs collected by the 

Collector. 

  • Can be triggered on weekly basis for all applications, or run manually for a 

specific application.

  • When triggered for all applications, the analysis processes the last 1 week of 

traffic log data and generates the results. 

  • When run manually for a specific application, you can analyze traffic logs 

according to the number of days defined in Log Storage. 

Certificate Tracker :

  1. Certificate expiration is monitored.  
  2. Certificates can be uploaded directly to Opinnate Manager, or certificate details 

can be entered manually to track the expiration date.  

  1. Notifications can be configured for three dates prior to expiration. 
  2. Supports certificates with .pem, .cer, .der, and .pfx extensions. 
  3. Certificate type must be selected (Certificate / Certificate Authorities) during import. 

FW Backup Tracker :

  1. Added daily/weekly backup support for FortiGate and Palo Alto. 
  2. Backup destination (Manager/Collector/External) and SFTP credentials are 

required. 

License Tracker :

  1. Provides license expiration tracking for FortiGate and Palo Alto firewalls and 

their managers.  

  1. License information retrieved from the device is presented as options, and the

license type to be tracked can be selected.  

  1. Notifications can be configured for three dates prior to expiration. 

Support

If you encounter any issues while using Opinnate NSPM, please contact our support team at [email protected].

Thank you for choosing Opinnate! We hope you enjoy using it.

Powered by BetterDocs