Monitoring Akamai Guardicore

Overview

Add Guardicore devices to TOS to monitor and manage them. TOS monitors the devices for policy revision changes and provides ongoing visibility into configuration and compliance.

To monitor Guardicore devices, you must:

To see which TOS features are supported for your device, review the SecureTrack Features by Vendor.

 

Add Guardicore Centra user and Permission Scheme

Create the TOS user in the Guardicore Centra account and assign the correct Permission Scheme to monitor Guardicore devices in TOS.

  1. Log in to Guardicore and go to System > User Management > Users.

  2. Click + Create User.

  3. Enter the user details and from the Permission Scheme list, select gc-support.

  4. Save the user.

 

Akamai Guardicore device settings

The table below describes the settings to configure for a Guardicore device in TOS.

Device Setting Description

General settings

 

  • Device Type: Automatically populated.

  • Name for Display: The display name for the device.

  • Domain: The default domain, or in a multi-domain environment, the domain where you add the device.

  • ST Server: In distributed environments, the central or remote TOS cluster that monitors the device.

Connection settings

 

 

 

 

  • Username: The username of the Centra user account that TOS uses for API-based access.

  • Password: The password for the Centra user account that TOS uses for API-based access.

See Guardicore user Permission Scheme.

  • Centra URL: The Centra management address that TOS uses to establish a Centra session in the format: https://<centra-url> .

    The URL can be an FQDN/hostname, an IP address, or a management address provided by your Centra platform owner.

  • Deployed as SaaS: Select for SaaS deployments.
    For on-premises deployments, leave unchecked.

  • Proxy :  The proxy server and settings to connect to the cloud:

    • IP/Hostname: Mandatory. The IP address or Hostname of the proxy server.

    • Port: Mandatory. The port to use when connecting to the proxy server.

    • Username: Optional. The username, if the proxy server requires authentication.

    • Password and Confirm Password: Optional. The password, if the proxy server requires authentication.

    From R25-2 PHF3.0.0, if the proxy performs TLS inspection, you must import the proxy’s trusted certificate into TOS before configuring the proxy. See Import a Proxy Certificate for TLS Inspection.

  • Retrieve certificate: Applicable only in on-premises environments.

    The action retrieves the certificate that SecureTrack uses to set up encrypted communication with Guardicore device and displays a confirmation message.

Monitoring settings

 

  • Default: Monitors at 1-hour intervals using settings from the Timing page.

  • Custom: Uses Periodic Polling as configured.
    Select either Use timing page settings, or Custom settings and set the Polling frequency.

Add a Guardicore device

Add a Guardicore device for visibility and monitoring.

Prerequisites

Steps

  1. In SecureTrack, go to Monitoring > Manage Devices.

  2. Select Akamai > Guardicore.

  3. Follow the instructions in the device wizard to configure settings. Review Akamai Guardicore device settings.

  4. Click Save to add the device.

Managing Guardicore devices

After you add a Guardicore device, you have several options to manage the device, depending on your environment:

  • Edit configuration: Edit the device's configuration settings in the device wizard. See Akamai Guardicore device settings.

  • Delete the device: Delete the device from SecureTrack.

  • Migrate (ST servers): Available in distributed deployments. Select the server where the device will be monitored and click Migrate.

  • Migrate (Domains): Available in multi-domain deployments. Select the domain where the device will be monitored and click Migrate.