Summary of Contents for Forum SENTRY
Page 1
FORUM SENTRY API SECURITY GATEWAY QUICK START GUIDE V8.9 Forum Sentry Quick Start Guide |...
Page 2
No portion of this document may be reproduced or copied in any form, or by any means – graphic, electronic, or mechanical, including photocopying, taping, recording, or information retrieval system – without expressed permission from Forum Systems, Inc. FORUMOS™ Firmware, Forum Systems XMLSec™ WebAdmin, Forum Systems XML Security Appliance™, Forum Sentry™, Forum Presidio™, Forum XWall™, Forum Sentry™...
1. Obtaining SOAPSonar from Crosscheck Networks (page 13)
2. Loading the WSDL into SOAPSonar (page 13)
3. Sending a Request to the Sentry WSDL Policy (page 15)
4. Reviewing Transactions in the Sentry System Log (page 16)
Deploying a REST API – Building a REST Policy (page 18)
1.
This guide will detail how to deploy SOAP and REST APIs through Sentry, send transactions for these policies and review the details of the transactions within the Sentry logs. Links to the full Sentry documentation are included in the last chapter, as is the full contact information for Forum Systems Support.
(WebAdmin) will be accessible from a web browser on that machine at the address https://127.0.0.1:5050. If you have not yet obtained a license key for Sentry, the initial login page at the link above will provide instructions for obtaining and applying a Sentry license.
Some general instructions are included below. For detailed installation steps please refer to the “FS Sentry VMware Virtual OS Installation Guide” available from Forum Systems Support.
• The OVA file is run on VMware server technology and has the same "look and feel" as the Sentry hardware appliances.
•...
The Forum Sentry appliances run the FIPS certified ForumOS™ operating system. Each appliance will need to be racked and configured for network access. The user interfaces to the Sentry appliances are the CLI (command line interface) accessible via SSH (network) or Serial console (physical) and the WebAdmin interface available via HTTPS.
Administration interface will be available from a web browser.
5. Forum Sentry AMI Installation Procedures
The Forum Sentry AMI for Amazon Web Services (AWS) is a virtual instantiation of the FIPS certified ForumOS™ operating system running within AWS EC2. Some general instructions are included below. For detailed installation steps please refer to the “FS Sentry Amazon AMI Installation Guide”...
Deploying a SOAP API - Creating a WSDL Policy
A WSDL policy in Sentry is a set of rules that provide a policy for processing of Web Service SOAP messages flowing through the system. WSDLs can be imported from a file, URL or UDDI search. This Quick Start Guide assumes the user has a SOAP Web Service with a WSDL that they want to protect with Forum Sentry.
The steps below provide an outline for building a Sentry WSDL Policy. For more information and detailed instructions please review the WSDL Policies Guide available through the Help menu in the WebAdmin interface.
1. Importing a WSDL
1. Log into the WebAdmin interface and navigate to the Gateway>>Gateway Policies>>WSDL Policies page.
• The listener policy is the IP and Port that Sentry will listen on for incoming traffic for this WSDL policy.
• The “Use Device IP” option selects the WAN IP address (the device IP) as the listening IP address.
By default, WSDL generation and access are disabled. If you want your clients to be able to access the WSDL from the Sentry WSDL policy, enable this option by checking the checkbox.
3. For the purposes of this tutorial, ensure that the “Enable WSDL access” option is checked. The WSDL for this service can then be retrieved using the full Virtual URI with the ?WSDL syntax added at the end.
Testing the Sentry WSDL Policy
After creating a WSDL Policy on Sentry, administrators will want to test the policy. We recommend using the free edition of the SOAPSonar Service Testing tool from Crosscheck Networks to generate the SOAP messages to test the Sentry policies.
Page 14
Schema Fields view. This allows you to easily enter data for each element of the SOAP request being generated. Click on the XML tab to see the auto-generated SOAP message from the schema field values provided.
4. Notice that the Request also has a URI field. This is auto populated based on the endpoint defined in the WSDL. As this WSDL was retrieved from the Sentry WSDL Policy, the URI should be the Virtual URI for the Sentry WSDL Policy.
3. You have now sent a request transaction through the Sentry WSDL policy. Try sending an invalid request by modifying the request XML (on the XML tab) and notice that Sentry will block the message and return a SOAP fault error message.
Page 17
• Session: Each log message for a specific transaction has the same session ID. This allows for easy filtering of the log to only show log messages for a specific transaction.
• Code: Each type of event is logged with its own logging code. You can configure Sentry to only allow certain codes.
•...
Unlike a SOAP API, there is no WSDL to import into Sentry. Building a REST policy in Sentry is very similar to building an XML, JSON, or HTML policy. The steps are essentially the same for all of them.
A Remote Policy can be of many different protocol types including HTTP, FTP, MQ, EMS, sFTP, and more. A remote policy does the following:
• Defines the remote IP and Port that Sentry will communicate with (HTTP, HTTPS, etc.)
• Defines Send Queue to publish processed messages (MQ, EMS, JMS, etc.)
•...
Configuration Next Steps and Additional Information
1. Configuration Next Steps
After completing this Quick Start Guide, Sentry administrators may now want to further customize the Sentry policies. Some immediate considerations should be:
1. Configuring SSL – Security Policies and PKI Guide
2.