Duplicating Firewall Rules in USM Appliance Standard Sensors

Applies to Product: USM Appliance™ LevelBlue OSSIM®

Whenever you add one or more USM Appliance Standard Sensors to the USM Appliance Standard Server in a system, you must add server-specific firewall rules to the sensors. This preserves the ability to execute remote scans.

This topic describes how to add firewall rules and also how to disable them when you need to disable HA, for example, during an upgrade.

Adding Server-Specific Firewall Rules to Sensors

To add server-specific firewall rules to the sensors

  • On each USM Appliance Standard Sensor, enter the following command, even if not all sensors are part of the HA configuration:

    alienvault-ha-assistant –f <master_server_ip> <slave_server_ip>

Removing Firewall Rules from Sensors

To remove firewall rules from sensors when HA has been disabled in the servers

  • Run the following command in the USM Appliance Standard Sensor(s) to remove the configuration:

    alienvault-ha-assistant -d

Restoring Firewall Rules in Sensors

When you disable an HA connection between two USM Appliance Standard Sensors at the same level, it disables all HA firewall rules, not only in that location, but also among sensors at the upper level. For this reason, you must restore the firewall configuration after any HA disablement.

To restore the firewall configuration on the sensors

  • Run the following command in the USM Appliance Standard Sensor(s) to restore firewall rules:

    alienvault-ha-assistant –f <master_server_ip> <slave_server_ip>