FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Andy_G
Staff
Staff
Article Id 189837

Description

This article describes how the external webserver can utilize reverse proxy pass in order to forward traffic with external users directly to an internal AccelOps Instance

Web Server Configuration

  1. Install CentOS 6.5
  2. SSH to CentOS as root
  3. Install Apache server by running: yum install httpd
  4. Start Apache server by running: service httpd start
  5. Enable chkconfig for httpd service by running: chkconfig httpd on
  6. Install SSL module by running: yum install mod_ssl
  7. Upload attached ao_ssl.tar to CentOS and Extract file
  8. Copy ao_ssl/* to /etc/httpd/conf.d/
  9. Edit ssl.conf and Redirect calls to port 8181 of AccelOps Supervisor by changing Proxy IP address
    • ProxyPass /phoenix https://<Super-IP>:8181/phoenix
    • ProxyPassReverse /phoenix https://<Super-IP>:8181/phoenix
  10. Change SELinux boolean value by running: setsebool -P http_can_network_connect 1
  11. Restart Apache server: service httpd start

 

AccelOps Supervisor Configuration

  1. SSH to AccelOps Supervisor and enable inbound 8181 on ip tables (you may need to narrow the source ip also)
    • iptables -A INPUT -p tcp -m tcp --dport 8181 -j ACCEPT
    • service iptables save
    • service iptables restart

 

Firewall Configuration

  1. Open port 8181 from Web Server to AccelOps

 

Logging on to AccelOps

  1. External users connect to the web server: https://<Web Server IP>/phoenix
  2. Internal users connect to AccelOps: https://<AccelOps Super IP>

 

Contributors