Configuring SiteProtector System settings

Register with the SiteProtector™ System to configure SiteProtector System-to-Agent communications, such as heartbeat intervals, SiteProtector System groups, and proxy server use.

About this task

Navigating in the LMI: Manage > SiteProtector Management

To unregister the appliance from the SiteProtector System, clear the Register With SiteProtectorcentral management system check box.

Note: When you register the appliance with the SiteProtector System, some areas of the LMI become read-only. When you unregister the appliance from the SiteProtector System, the LMI becomes fully functional again.

You can configure the appliance to send alerts if the connectivity with the SiteProtector System stops. Configure these alerts in Manage > System Alerts.

Procedure

Complete or change these options:

Option	Description
Register with SiteProtector	Registers the appliance with the SiteProtector System.
Local Policies Override SiteProtector Group Policies	The appliance maintains all local settings and the local settings of the appliance are pushed to the SiteProtector System. From then on, the SiteProtector System manages the appliance with the local settings. Any group policy settings that are set in the SiteProtector System do not affect this appliance. Note: If you do not select this option, the appliance inherits the settings of the SiteProtector System group that you specify at the first heartbeat.
Agent Name	Specifies a name for the appliance. This name is displayed in the SiteProtector System.
SiteProtector Group Name	The name of the SiteProtector System group to which the appliance belongs. Important: Assign the appliance to a group that contains only other IBM QRadar Network Security appliances.
Heartbeat Interval	Type the number of seconds between heartbeats from the appliance to the SiteProtector System. Note: The permissible range is 60 - 86,400 seconds.
Cryptography Level	Select which cryptographic security standard the appliance complies with. Compatible Cryptography: If selected, the appliance complies with cryptographic security standard FIPS 140-2. Select this option to connect to a SiteProtector System that is also installed in compatible mode. Protocols allowed: TLS v1.0, TLS v1.1, TLS v1.2 Certificates: SHA-1 RSA-2048 Ciphers: SHA-1 or stronger Strict Cryptography: If selected, the appliance complies with cryptographic security standard SP 800-131A. Select this option to connect to a SiteProtector System that is also installed in strict mode. Protocols allowed: TLS v1.2 Certificates: SHA-2 RSA-2048 Ciphers: SHA-2 or stronger

If you are managing the appliance using the SiteProtector System in an IPv4 NAT environment, select Override SiteProtector Contact Settings, and configure the following options:
- Agent IP (IPv4)
- Agent Port (1 - 65535)

Click the Add icon and complete the following options for configuring an Agent Manager. For more information, see How the Agent Manager works.

Configure or change the following general options for an Agent Manager:

Option	Description
Enable	Enables the use of a specific Agent Manager.
Agent Manager Name	Lists the Agent Manager name exactly as it is displayed in the SiteProtector System (case-sensitive).
Agent Manager Address	Sets the IP address or DNS name of the Agent. Note: Supported address types are FQDN, IPv4, and IPv6.
Agent Manager Port	Specifies the port number the Agent uses to communicate; Note: You can type a new port number, but you must also configure the new port number locally on the Agent Manager itself.
Agent Manager User Name	Specifies the user name of the Agent for communicating with the SiteProtector System. Note: The account user name is set on the Agent Manager.
Agent Manager Password	Specifies the password of the Agent for communicating with the SiteProtector System. Note: Click Enter Password to add or change the password.
Enable the use of a Proxy Server	Enables the appliance to authenticate to a proxy server.
Proxy Server	Sets the IP address or DNS name of the proxy server. Note: Supported address types are FQDN, IPv4, and IPv6.
Proxy Port	Lists the port number the proxy server uses to communicate.
Use Authentication	Enables authentication to the proxy server. Note: HTTP basic authentication is only supported.
Proxy User Name	Specifies the user name to authenticate with the proxy server.

Configure or change the following certificate authentication options for an Agent Manager:

Option	Description
Authentication Level	Specifies the level of trust: Trust All: The appliance accepts connections to any configured Agent Manager without authentication. First Time Trust: (default level) The appliance receives and stores the certificate of the Agent Manager on the first connection and future connections are authenticated by using the stored certificate. Explicit Trust: The certificate for the Agent Manager must be uploaded manually to the appliance before the appliance accepts any connections to that Agent Manager. All connections to the Agent Manager are authenticated by using the stored certificate.
Agent Manager Certificate (Base64 PEM-encoded data)	Configures the SiteProtector System Agent Manager Certificate that is used to authenticate this Agent Manager. The certificate data must be in Base64-encoded Privacy Enhanced Mail (.pem) format. Copy the Agent Manager Certificate data to this field with the BEGIN and END text in the following format: -----BEGIN CERTIFICATE----- ... (Agent Manager certificate in Base64 encoding)... -----END CERTIFICATE----- Note: This field is available only when you choose Explicit Trust authentication. The certificate that is configured on the appliance for an Agent Manager must be the same certificate that is configured on the SiteProtector System that is running the Agent Manager. Only 1 certificate is allowed per Agent Manager. If you upload a new certificate, the new certificate replaces the current certificate. Reference:See the SiteProtector System documentation for instructions on how to configure a custom certificate for the SiteProtector System. If the certificate is received from the SiteProtector System by First Time Trust, you cannot remove the certificate directly, but you can replace the received certificate with a user-configured certificate by switching the authentication level to Explicit Trust. If there is no certificate in the database and you do not manually configure a certificate with Explicit Trust authentication, then the appliance fails to register with the SiteProtector System. Current Certificate Details: Displays the details of the certificate that is stored in the MSL certificate database and currently in use for the Agent Manager. When you configure a new certificate for the Agent Manager, the certificate is written to the MSL certificate database and details for the certificate are updated in this field when you deploy the policy. If you are using First Time Trust for the Agent Manager, this field displays the details of the certificate that is received from the SiteProtector System on the first connection. When the certificate in use is within 60 days of expiration, the appliance generates alerts.

Option

Description

Authentication Level

Specifies the level of trust:

Trust All: The appliance accepts connections to any configured Agent Manager without authentication.
First Time Trust: (default level) The appliance receives and stores the certificate of the Agent Manager on the first connection and future connections are authenticated by using the stored certificate.
Explicit Trust: The certificate for the Agent Manager must be uploaded manually to the appliance before the appliance accepts any connections to that Agent Manager. All connections to the Agent Manager are authenticated by using the stored certificate.

Agent Manager Certificate (Base64 PEM-encoded data)

Configures the SiteProtector System Agent Manager Certificate that is used to authenticate this Agent Manager. The certificate data must be in Base64-encoded Privacy Enhanced Mail (.pem) format.

Copy the Agent Manager Certificate data to this field with the BEGIN and END text in the following format:

-----BEGIN CERTIFICATE-----
... (Agent Manager certificate in Base64 encoding)...
-----END CERTIFICATE-----

Note: This field is available only when you choose Explicit Trust authentication.

The certificate that is configured on the appliance for an Agent Manager must be the same certificate that is configured on the SiteProtector System that is running the Agent Manager. Only 1 certificate is allowed per Agent Manager. If you upload a new certificate, the new certificate replaces the current certificate. Reference:See the SiteProtector System documentation for instructions on how to configure a custom certificate for the SiteProtector System.

If the certificate is received from the SiteProtector System by First Time Trust, you cannot remove the certificate directly, but you can replace the received certificate with a user-configured certificate by switching the authentication level to Explicit Trust. If there is no certificate in the database and you do not manually configure a certificate with Explicit Trust authentication, then the appliance fails to register with the SiteProtector System.

Current Certificate Details: Displays the details of the certificate that is stored in the MSL certificate database and currently in use for the Agent Manager.

When you configure a new certificate for the Agent Manager, the certificate is written to the MSL certificate database and details for the certificate are updated in this field when you deploy the policy. If you are using First Time Trust for the Agent Manager, this field displays the details of the certificate that is received from the SiteProtector System on the first connection. When the certificate in use is within 60 days of expiration, the appliance generates alerts.