Skybox Securoty Appliance 5500 User manual
Skybox Appliance 5500
Quick Start Guide
8.5.400
Revision: 11
Proprietary and Confidential to Skybox Security. © 2017 Skybox Security,
Inc. All rights reserved.
Due to continued product development, the information contained in this
document may change without notice. The information and intellectual property
contained herein are confidential and remain the exclusive intellectual property of
Skybox Security. If you find any problems in the documentation, please report
them to us in writing. Skybox Security does not warrant that this document is
error-free.
No part of this publication may be reproduced, stored in a retrieval system, or
transmitted in any form or by any means—electronic, mechanical, photocopying,
recording, or otherwise—without the prior written permission of Skybox Security.
Skybox®, Skybox®Security, Skybox Firewall Assurance, Skybox Network
Assurance, Skybox Vulnerability Control, Skybox Threat Manager, Skybox
Change Manager, Skybox Appliance 5500/6000/7000/8000, and the Skybox
Security logo are either registered trademarks or trademarks of Skybox Security,
Inc., in the United States and/or other countries. All other trademarks are the
property of their respective owners.
Contact information
Contact Skybox using the form on our website or by emailing
info@skyboxsecurity.com
Customers and partners can contact Skybox technical support via the Skybox
support portal
Skybox version 8.5.400 3
Overview ............................................................................................... 5
Basic architecture.....................................................................................5
Related documentation..............................................................................5
Skybox Appliance specifications ................................................................ 6
What’s in the box .....................................................................................6
Physical specifications ...............................................................................6
Environmental specifications ......................................................................7
MTBF estimates for Skybox Appliance .........................................................8
Front panel..............................................................................................9
Back panel connectors.............................................................................10
Port mapping ....................................................................................10
File system partitions..............................................................................11
Setting up Skybox Appliance ...................................................................12
Installation ............................................................................................12
Starting Skybox Appliance ..................................................................12
System configuration ..............................................................................13
Configuring connection.......................................................................13
Setting up the Appliance for configuration ............................................15
First-time configuration......................................................................15
Network naming schema in CentOS 7...................................................16
What’s next ...........................................................................................16
Configuring the Appliance .......................................................................18
Configuration and management options.....................................................18
Setting up SNMP configuration .................................................................20
Setting up network interface bonding........................................................20
Supported bond modes ......................................................................21
RADIUS authentication............................................................................22
Changing the TLS version ........................................................................23
Customizing the syslog server .................................................................25
Installing the Skybox Manager.................................................................27
Manager system requirements .................................................................27
Installing the Manager.............................................................................28
Upgrading the Manager ...........................................................................28
Contents
Skybox Appliance 5500 Quick Start Guide
Skybox version 8.5.400 4
Updating the operating system on Skybox Appliance ..................................29
Adding a customer certificate ..................................................................30
Restoring the Appliance to factory defaults................................................31
Monitoring SNMP....................................................................................32
Troubleshooting.....................................................................................34
Change log............................................................................................35
Wiping the hard disk drive.......................................................................37
Regulatory and safety information............................................................38
Product regulatory compliance .................................................................38
Safety compliance .............................................................................38
EMC compliance – Class A compliance..................................................39
Environmental requirements ...............................................................39
Product regulatory compliance markings....................................................39
Electromagnetic compatibility notices for the server board...........................42
Skybox version 8.5.400 5
Chapter 1
The Skybox™ Appliance is a hardware solution that enables you to deploy
Skybox easily, without the burden of maintaining your own server.
Skybox®is an Automated Risk and Compliance Management (ARCM) platform
that helps enterprise IT departments to discover and resolve potential security
and compliance risks before they impact your organization.
Skybox is a multi-tier platform. Skybox Appliance runs the Server and users run
Managers (clients) that connect to the Server over the network. Skybox also
runs an additional Skybox component, the Collector, which connects to data
sources and imports the data to the Server.
The Skybox Server and Collector are preinstalled on Skybox Appliance and run at
startup.
In this chapter
Basic architecture ................................................................. 5
Related documentation.......................................................... 5
Basic architecture
The Skybox platform consists of a 3-tiered architecture with a centralized server
(Skybox Server), data collectors (Skybox Collectors), and a user interface
(Skybox Manager). Skybox can be scaled easily to suit the complexity and size of
any infrastructure.
For additional information, see the Skybox architecture topic in the Skybox
Installation and Administration Guide.
Related documentation
Related documentation includes:
›Skybox online help
›Skybox documentation
Overview
Skybox version 8.5.400 6
Chapter 2
This chapter contains product specifications and packaging information for the
Skybox Appliance 5500.
In this chapter
What’s in the box.................................................................. 6
Physical specifications ........................................................... 6
Environmental specifications .................................................. 7
MTBF estimates for Skybox Appliance...................................... 8
Front panel .......................................................................... 9
Back panel connectors......................................................... 10
File system partitions .......................................................... 11
What’s in the box
The following items are included in the shipping carton:
›Skybox Appliance 5500
›Rack mount kit
›Front bezel
›AC power cord
›RJ45 to DB9 serial console cable
›Skybox Quick Start Guide
›2 DVDs
•
Skybox: Installs Skybox on the Appliance; it contains the Skybox
software and additional Appliance documentation
•
Restore Appliance: Restores the Appliance to factory settings
Physical specifications
The physical features of Skybox Appliance 5500 are listed in the following table.
Feature Description
Form factor 1U rack
Rack dimensions
1.70” x 17.24” x 27.93” (43.2mm x 438 mm x 709.37
Skybox Appliance specifications
Chapter 2 Skybox Appliance specifications
Skybox version 8.5.400 7
Feature Description
(H x W x D)
mm)
Weight
•System weight: 35.8 lb (16.24 kg)
•Packaged weight: 42.4 lb (19.23 kg)
Power supply 450W 1+1 redundant AC +12V DC and +5V standby
Data storage RAID 1
System cooling
•2 dual rotor managed 40mm x 56mm system fans
•1 40mm x 40mm system fan
•2 power supply fans
Front panel
features
•1 power button with integrated LED
•1 system ID button with integrated LED
•1 system status LED
•4 NIC LEDs
•1 HDD activity LED
•1 system cold reset button
•2 USB 2.0 connectors
•Bezel with lock support
External I/O
connectors
(back panel)
•DB-15 video connector
•DB-9 serial port A connector
•2 USB 2.0 Ports
•2 USB 3.0 Ports
•6 RJ-
45 network interface (LAN) connectors supporting
10/100/1000 Mb
Compliant
standards Ctick, NRTL, CE, FCC, EMC, BSMI, KC, and more
For detailed information, see Regulatory and safety
information (on page 38).
Environmental specifications
Environmental specifications for Skybox are listed in the following table.
Property Limits
Operating
temperature +10°C to +35°C with the maximum rate of change not to
exceed 10°C per hour
Non-operating
temperature -40°C to +70°C
Non-operating
humidity 50% to 90%, non-condensing with a maximum wet bulb
of 28°C
Acoustic noise Sound pressure: 55 dBA (rack mount) in an idle state at
typical office ambient temperature. (23 C +/- 2 C)
Sound power: 7.0 dBA in an idle state at typical office
ambient temperature. (23 +/- 2 degrees C)
Shock, operating Half sine, 2 g peak, 11 msec
Shock,
unpackaged Trapezoidal, 25 g, velocity change is based on packaged
weight
Shock, packaged Non-palletized free fall height 18 inches (
≧
40 lbs to > 80
lbs)
Vibration Unpackaged: 5 Hz to 500 Hz, 2.20 g RMS random
Packaged: 5 Hz to 500 Hz, 1.09 g RMS random
Skybox Appliance 5500 Quick Start Guide
Skybox version 8.5.400 8
Property Limits
ESD Air discharge: 12.0 kV
Contact discharge: 8.0 kV
System cooling
requirement 744 BTU/hour
EMI operating EMI testing of this product is conducted at an open field
site according to the current BKM methodology.
Conducted and radiated emissions shall comply with FCC
and CISPR 22 limits for Class A products. Test reports are
made available through EPG Product Regulations
MTBF estimates for Skybox Appliance
The estimated mean time between failures (MTBF) and Failures in Time (FIT) for
Skybox Appliance 5500 are listed in the following table.
Subassembly MTBF (hours) FIT (failures/10^9
hours)
Intel®Server Board S1200V3RPM
371523 2692
Backplane board 935180 1069
Power supply 450W MiniERPS 967300 1034
Cooling fan (1-fixed fans) 490000 2041
Cooling fans (2-fixed fans) 77680 12873
Front panel board 8272282 121
Total without motherboard 58300 17138
Total with motherboard 50400 19830
Note: The estimates listed here are for Skybox Appliance in 40°C ambient air.
Chapter 2 Skybox Appliance specifications
Skybox version 8.5.400 9
Front panel
Skybox Appliance 5500’s front panel includes 2 USB connectors, plus a power
button and LEDs.
Power button and LEDs
Letter Feature
A System ID button with integrated LED
B NMI button (recessed; tool required for use)
C NIC-1 activity LED
D NIC-3 activity LED
E System cold reset button
F System status LED
G Power button with integrated LED
H Hard drive activity LED
I NIC-4 activity LED
J NIC-2 activity LED
Front panel LED functions
LED Color/state Description
Power/Sleep
Green/on Power on
Green/blinking Sleep
Off Power off
NIC LEDs
Green/on Network link but no network activity
Green/blinking Network activity
Off No link
Skybox Appliance 5500 Quick Start Guide
Skybox version 8.5.400 10
LED Color/state Description
System Status
Green/on System ready/no alarm
Green/blinking System ready, but degraded:
redundancy lost (for example, a power
supply or fan failure); non-critical
temperature or voltage threshold
reached; battery failure; or predictive
power supply failure.
Amber/on Critical Alarm: Critical power modules
failure, critical fans failure, voltage
(power supply), critical temperature
and voltage
Amber/blinking Non-Critical Alarm: Redundant fan
failure, redundant power module
failure, non-critical temperature and
voltage
Off Power off: System unplugged
Power on: System powered off and in
standby, no prior
degraded/non-critical/critical state
Back panel connectors
Skybox Appliance 5500’s back panel includes the following connectors:
PORT MAPPING
The mapping between physical ports on the back panel of Skybox Appliance and
logical ports is listed in the following table.
Back panel
connector Logical port to which it is
mapped
NIC1 eno1
NIC2 eno2
Chapter 2 Skybox Appliance specifications
Skybox version 8.5.400 11
File system partitions
Skybox Appliance’s file system is partitioned as follows:
›SWAP: 4 GB
›/tmp: 5% of the entire space
›/: 20% of the entire space
›/var: 45% of the entire space
›/opt: The rest of the disk
Note: On machines with less than 200 GB of disk space, Skybox is installed on a
single partition.
Skybox version 8.5.400 12
Chapter 3
This chapter explains how to set up Skybox Appliance.
In this chapter
Installation ........................................................................ 12
System configuration .......................................................... 13
What’s next........................................................................ 16
Installation
Before installation
Before installing the rack mount kit, observe these safety guidelines:
1Turn off all peripheral devices connected to Skybox Appliance.
2Turn off Skybox Appliance by pressing the Power button on the front of the
chassis, and then unplug the AC power cords from the chassis or wall outlet.
3Label and disconnect all peripheral cables and all telecommunications lines
connected to I/O connectors or ports on the back of the chassis.
4Provide electrostatic discharge (ESD) protection by wearing an antistatic wrist
strap attached to a chassis ground—any unpainted metal surface—when
handling components.
Required tools and supplies
›Phillips (cross head) screwdriver (#1 bit and #2 bit)
›(Recommended) Antistatic wrist strap and conductive foam pad
Installation
To install Skybox, refer to the installation instructions included with the rack
mount kit.
STARTING SKYBOX APPLIANCE
To start the Appliance
1Connect the AC power cords to the AC connectors on Skybox’s back panel and
connect the other ends to a power supply.
Note: You can use Skybox with either 110 or 220 volt power.
Setting up Skybox Appliance
Chapter 3 Setting up Skybox Appliance
Skybox version 8.5.400 13
2On the Appliance’s front panel, press the Power button.
3Lock the front bezel in place using the key provided.
System configuration
Before running the Skybox Server, configure Skybox Appliance to be part of your
network and perform some initial system configuration.
CONFIGURING CONNECTION
Before using the Skybox Appliance Administration, you must configure
connection of Skybox to your network. This configuration is done locally, using
either:
›Mouse, keyboard, and screen
›Serial port connection
Note: For a diagram of the connectors used in the following procedures, see Back
panel connectors (on page 10).
To configure connection using a mouse, keyboard, and screen
1Connect one end of a standard network cable to the NIC 1 port on the
Appliance’s back panel; connect the other end of the cable to a network
socket.
2Connect a mouse, keyboard, and screen to the connectors on the Appliance’s
back panel.
3Log in to the Appliance using the default login (root) and the default
password (skyboxview).
4Run the command set_appliance_network (this command configures
network interfaces with an IP address, netmask, and default gateway).
a. Select a network interface to configure.
b. Select the IP mode (static or DHCP).
—When using static mode, you must provide the IP address, netmask,
and default gateway.
5When you are finished, if you are using DHCP, run ifconfig, and write down
the IP address assigned to the Appliance. You will need it later.
To configure connection using a serial port connection
1Connect one end of the serial cable to a serial port on the management
computer; connect the other end to the serial port on the Appliance.
2On the management computer, start a terminal emulation program, select the
port that you connected to in the previous step, and configure the following
port settings:
•
Bits per second: 9600
•
Data bits: 8
•
Parity: none
Skybox Appliance 5500 Quick Start Guide
Skybox version 8.5.400 14
•
Stop bits: 1
•
Flow control: none
•
(If using PuTTY as your terminal emulator) Character set translation on
received data: UTF-8
3Press the Power button on the Appliance’s front panel and verify that the
Power LED turns green.
4Log in to the Appliance using the default login (root) and the default
password (skyboxview).
5Use the following command to move to the directory where the interface
configuration files are located:
•
cd /etc/sysconfig/network-scripts/
6Determine the 1st network card using the following command:
•
ifconfig –a
7Open the network card config file using the vi editor. The content will be
similar to the following.
DHCP example:
NAME=ens2f0
DEVICE=ens2f0
IPV6INIT=no
ONBOOT=yes
HWADDR=00:1e:67:d4:7d:50
BOOTPROTO=dhcp
PEERDNS=no
Static IP address example:
NAME=ens2f0
DEVICE=ens2f0
IPV6INIT=no
ONBOOT=yes
HWADDR=00:1e:67:d4:7d:50
BOOTPROTO=none
IPADDR=192.168.80.132
NETMASK=255.255.254.0
GATEWAY=192.168.80.254
8If you are using a static IP address, make the following changes in the
configuration file:
•
IPADDR: Change the value to your IP address
•
NETMASK: Change the value to the network subnet
•
GATEWAY: Change the value to the default gateway
If you are using DHCP, no changes are necessary.
9Configure the DNS servers; use vi to edit /etc/resolv.conf:
nameserver 1.1.1.1
nameserver 1.1.1.2
Chapter 3 Setting up Skybox Appliance
Skybox version 8.5.400 15
10 Save the file and exit.
11 Restart the network service by running the following command:
•
systemctl restart network
The interface now has a DHCP or static IP address.
12 Query the new configuration by running the following command:
•
ifconfig –a
SETTING UP THE APPLIANCE FOR CONFIGURATION
To prepare for configuring the system remotely
1From a different machine on the network, open a browser to connect to the
Skybox Appliance Administration using the following URL, where <appliance
IP address> is the IP address of the Appliance that you configured in
Configuring connection (on page 13):
•
https://<appliance IP address>:444
2The default login is skyboxview; the default password is skyboxview.
The main page of the Skybox Appliance Administration appears.
FIRST-TIME CONFIGURATION
You must configure the date and time and change the passwords before using
the Skybox Server. All other settings are optional and you can configure them
later.
To configure the date and time
1On the System tab, select Date and Time Configuration.
2For manual date and time configuration:
a. Select Manual Date and Time Configuration.
b. Click Change Date and Time; set the date and time for Skybox’s time
zone.
c. Click Change Time Zone; set the time zone for the location where the
Appliance is installed, so that reports and other data are timestamped
correctly.
3For automatic configuration:
a. Select Automatic Date and Time Configuration Using NTP Server.
b. Click Change NTP Server; add the IP address or DNS of the time server
to use. For example, 0.asia.pool.ntp.org.
c. Click Change Time Zone; set the time zone for the location where the
Appliance is installed, so that reports and other data are timestamped
correctly.
Skybox Appliance 5500 Quick Start Guide
Skybox version 8.5.400 16
To change the passwords
1On the Security tab, select Appliance Passwords.
2To change the root password of the machine, click Change Root Password.
3To change the password of the Appliance Administration, click Change
Skyboxview Password.
NETWORK NAMING SCHEMA IN CENTOS 7
CentOS 7 uses a different network naming schema than previous versions. By
default, systemd names interfaces using the following methods:
1Names incorporating firmware-provided or BIOS-provided index numbers for
on-board devices (for example, eno1) are applied if the information is
applicable and available. Otherwise, method 2 is used.
2Names incorporating firmware-provided or BIOS-provided PCI Express hotplug
slot index numbers (for example, ens1) are applied if the information is
applicable and available. Otherwise, method 3 is used.
3Names incorporating physical location of the connector of the hardware (for
example, enp2s0) are applied if applicable. Method 5 is used in all other
cases.
4Names incorporating the interface’s MAC address (for
example, enx78e7d1ea46da) are not used by default, but are available if the
user chooses.
5The traditional kernel naming scheme (for example, eth0) is used if all other
methods fail.
What’s next
The Skybox Manager is the client application that communicates with the Server.
After installation and configuration of the Appliance, you must install the
Manager on at least one remote machine. For additional information, see
Installing the Skybox Manager (on page 27).
Using Skybox for change tracking
You can use Skybox to track changes on firewalls. Although much of the change
information can be collected directly from the firewalls, additional information
(including timestamp and user who made the change) is available only from
syslog change events that are sent to the syslog server in the Appliance. You
collect the change events using Change Tracking Events – Syslog Import
tasks.
Syslog server
The syslog server in the Appliance is preconfigured and is enabled by default.
Chapter 3 Setting up Skybox Appliance
Skybox version 8.5.400 17
Updates to the configuration files of the syslog server and the syslog log file
rotation are provided automatically (when necessary) as part of Skybox updates.
However, when updates are provided, you must restart the syslog server (on the
System tab, disable the syslog server and then enable it again) for it to start
using the updates.
For information about customizing the syslog server, see Customizing the syslog
server (on page 25).
Skybox version 8.5.400 18
Chapter 4
The following sections explain how to configure the Appliance.
›Configuration and management options (Appliance Administration) (on page
18)
›Setting up SNMP configuration (on page 20)
›RADIUS authentication (on page 22)
›Changing the TLS version (on page 23)
In this chapter
Configuration and management options .................................18
Setting up SNMP configuration..............................................20
Setting up network interface bonding.....................................20
RADIUS authentication.........................................................22
Changing the TLS version.....................................................23
Configuration and management options
Skybox Appliance’s configuration options are described in the following tables.
About tab
Pane Description
System
Information Provides information about Skybox configuration.
Network tab
Note that changes to the configuration information made in this tab are only
saved after you click Save Network Configuration.
Pane Description
Network
Configuration
Summary
Displays a summary of the Appliance configuration
information.
Click Export to save this information to an HTML file.
Network
Configuration Enables you to configure network settings (connection
method, IP address, mask, and gateway) and bonding
for each network interface connection, and to configure
the DNS servers.
Note: For non-virtual Appliances, this pane includes a
Configuring the Appliance
Chapter 4 Configuring the Appliance
Skybox version 8.5.400 19
link to a drawing of the back panel to help you
understand the connections.
System tab
Pane Description
Date and Time
Configuration
Enables you to view and change the exact date and time
in the Appliance’s time zone.
Notes:
•When setting this information manually, set the date
and time and then the time zone for the location
where the Appliance is installed, so that reports and
other data are timestamped accurately.
•Automatic configuration synchronizes Skybox with
an
atomic clock. You must provide the IP address or
DNS of the NTP server to use.
For example, 0.asia.pool.ntp.org (click Change NTP
Server).
Set the time zone after setting the NTP server.
Syslog Server Starts or stops the syslog server service.
Host Name Enables you to change the name of the Appliance.
Change System
Mode Toggles between Server mode (where the Appliance
functions as both Server and a Collector) and Collector
mode (where the Appliance functions only as a
Collector).
SNMP Select Enable SNMP Service to set up SNMP
configuration, host configuration, and sending traps.
You can also download the Appliance MIBs. For more
information, see Setting up SNMP configuration (on
page 20).
Security tab
Pane Description
Appliance
Passwords Enables you to change the root password for the
Appliance and the password for the Appliance
Administration.
SSH Toggles the SSH service on and off and enables the root
user to log in via SSH.
Control tab
Pane Description
Skybox Services Toggles the Server and Collector on and off.
Note: Turning a Skybox service off stops the service
and switches it to Manual mode. Turning the service on
restarts the service and switches it back to Automatic
mode.
Appliance
Operations Enables you to reboot or shut down the Appliance.
Skybox Appliance 5500 Quick Start Guide
Skybox version 8.5.400 20
Support tab
Pane Description
Logs Enables you to view Server, Collector, and other logs of
the Appliance.
Get Packlogs: Runs the packlogs utility and saves the
packlogs (ZIP) file to a local directory so that you can
send the file easily to support.
Skybox Manager Enables you to download the Manager for installation.
Setting up SNMP configuration
To use the Appliance as an SNMP Server
1On the System tab, click SNMP.
2Select Enable SNMP Service.
3Set the following values.
•
On the General tab:
—System Location: physical location of the Appliance
—Contact Details:email address of administrator
•
On the Security tab:
—Read Only Community: SNMPv1 or SNMPv2 community string
—Source: Name or IP address / subnet, represented as IP/MASK
(10.10.10.0/255.255.255.0) / IP/BITS (10.10.10.0/24).
Multiple sources must be comma-separated
•
On the Notification (Traps) tab:
—Destination: Name or IP address of the notification receiver traps
server
—Traps Community: SNMP community of the notification receiver traps
server
4When you are finished, click Save SNMP Configuration to save the
configuration and update the service with the new configuration.
Setting up network interface bonding
Skybox Appliances support network interface bonding for redundancy and also
for higher bandwidth.
To create a network interface bonding
1On the Network tab, click Network Configuration.
2Select Network Interfaces.
3Select an interface that you want to add to a network bond and click Add to
Network Bond.
The Network Bond Setup dialog box appears.
This manual suits for next models
1
Table of contents
Popular Firewall manuals by other brands
NETGEAR
NETGEAR FVS338 - ProSafe VPN Firewall 50 Router Reference manual
Fortinet
Fortinet FORTIMAIL-5000 quick start guide
Fortinet
Fortinet FortiGate FortiGate-5005-DIST Getting started
H3C
H3C SecPath F50X0-D Series Command reference
Draytek
Draytek Vigor 2820 Series user guide
Forcepoint
Forcepoint 3201 Hardware guide
IBM
IBM QRadar XGS 5200 Replacement instructions
Fortinet
Fortinet FortiManager-1000C Rack and hardware install guide
ZyXEL Communications
ZyXEL Communications ADSL 2+ Security Gateway Firmware release notes
PaloAlto Networks
PaloAlto Networks PA-400 Series Hardware reference
Nokia
Nokia IP40 - Satellite Unlimited - Security... quick start guide
H3C
H3C SecPath NSQM1F1KGM0 manual