Monitoring Forcepoint Stonesoft Management Center (SMC) Devices

Overview

TOS Aurora monitors Forcepoint devices for policy revision changes.

To see which TOS features are supported for your device, review the feature support table.

Before you add a Forcepoint Stonesoft Management Center (SMC) device to TOS Aurora, you must prepare the SMC with a certificate for the SMC API. The firewalls must be configured under the Shared Domain.

Prepare the Forcepoint Stonesoft Management Center (SMC)

  1. Log in to the device interface.
  2. Go to: Configuration > User Authentication
  3. Navigate to Administration > Certificates > TLS Credentials.

  4. In the top right-hand corner, select New.

  5. Enter TOS Aurora as the name and common name of the request, and click Next.

  6. Select Self-Sign.

  7. Select Finish.

  8. Go to: Home.

  9. From the Others list, right-click on Management Server and select Properties.

  10. In the SMC API tab of Management Server - Properties, choose the certificate that you just created. Click Select.

  11. Click OK to close the Management Server properties.
  12. Go to: Configuration > Administration > Access Rights > API Clients
  13. Right-click on API Clients and select New API Client.
  14. In the General tab, enter the name securetrack_api, copy the authentication key, and click OK.

    Copy the key to a temporary location because you cannot get the same key again from the API client settings.

    If the key is lost before you enter it into SecureTrack, you must generate a new key.

  15. In the Permissions tab, select Unrestricted Permissions and select the Superuser role.
  16. Click OK.

You can now add the Forcepoint device to SecureTrack.

SecureTrack and the monitored devices must be synchronized with the correct date and time, either manually or automatically. We recommend that you also configure the devices to resolve DNS queries.

Add a Device

  1. Select Forcepoint > Stonesoft - Management Center.

  2. Configure the device settings:

    • Name for Display
    • Get revisions from IP Address
    • ST server: In a distributed deployment, select which TOS Aurora cluster monitors this device (not shown in image)

    Click Next.

  3. Configure the SecureTrack connection to the Forcepoint device, according to the parameters required by the device:

    • Enter the authentication details needed to connect to the Forcepoint device.
    • TOS Aurora connects to Forcepoint devices with the REST protocol. To use default settings (recommended in most cases), leave the Port number blank.
    • Specify the version that is installed on the Forcepoint device.
    • Click Retrieve Certificate to set up encrypted communication between TOS Aurora and the Forcepoint device.

      The certificate, and the following message, appear:

      retrieved

    Click Next.

  4. In Monitoring Settings, do one of the following:

    • To use real-time monitoring and timing settings from the Timing page, select Default.

    Otherwise, select Custom and configure the monitoring mode and settings.

    • For Periodic Polling, select Custom settings and configure the Polling frequency, which is how often TOS Aurora fetches the configuration from each device.

      If you select 1 day, you can then select the exact time (hour and minute) for the daily polling.

    Click Next.

  5. Save the configuration.

    The Forcepoint device now appears in the Monitored Devices tree.

To customize the device object that represents the Internet, see Define Internet Object.
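
The Retrieve Certificate step accepts whatever certificate the SMC API port presents, and that certificate is self-signed, so its fingerprint is the only thing that ties it to the TLS credential created on the SMC. The following added example (not Tufin or Forcepoint code) compares the certificate served on the API port with a copy of the certificate exported from the SMC; the host, port and PEM file path are operator-supplied assumptions, and the export to PEM is assumed to have been done separately.

```python
import hashlib
import hmac
import socket
import ssl
import sys


def fingerprint(pem: str) -> str:
    """SHA-256 of the certificate's DER encoding, as lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex, as different tools print it."""
    cleaned = fp.replace(":", "").replace(" ", "").strip().lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-256 fingerprint")
    return cleaned


def matches(expected_fp: str, pem: str) -> bool:
    """Constant-time comparison of a recorded fingerprint with a certificate."""
    return hmac.compare_digest(normalize(expected_fp), fingerprint(pem))


def served_pem(host: str, port: int, timeout: float = 5.0) -> str:
    """Fetch the certificate presented on host:port without trusting it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # self-signed; CN is "TOS Aurora", not a hostname
    ctx.verify_mode = ssl.CERT_NONE  # trust comes from the fingerprint comparison
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))


if __name__ == "__main__":
    if len(sys.argv) == 4:           # usage: script.py HOST PORT EXPORTED.pem
        with open(sys.argv[3]) as f:
            expected = fingerprint(f.read())
        ok = matches(expected, served_pem(sys.argv[1], int(sys.argv[2])))
        print("MATCH" if ok else "MISMATCH: do not accept the retrieved certificate")
        sys.exit(0 if ok else 1)
    # Offline demo: constructed bytes stand in for a DER certificate.
    demo = ssl.DER_cert_to_PEM_cert(b"constructed-demo-bytes")
    print(fingerprint(demo), matches(fingerprint(demo).upper(), demo))
```

Run it from the TOS Aurora host so that the comparison covers the same network path that SecureTrack uses.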

Import devices or domains managed by the Forcepoint device into TOS Aurora

  1. Make sure you receive the first Forcepoint policy revision.
  2. Select the Forcepoint device from the device tree.
  3. Click Import Managed Devices or Import Domains and Managed Devices.
  4. From the list of devices managed by the Forcepoint device, select the devices to import and click Import.
  5. Do one of the following:

    • Click Reset to update the list of managed devices.
    • Click Done to return to the device tree.

      The managed devices appear under the Forcepoint device in the device tree.

    • If available, click to Collect Dynamic Routing Information for the managed devices.

Configure a Monitored Device

After you add a device, further configuration options are available.

Options vary depending on your environment.

How Do I Get Here?

SecureTrack > Monitoring > Manage Devices