Configuring The Ms And Es For Dac; Adding Additional Ess - Extreme Networks Sentriant AG Software User's Manual

Remote Device Activity Capture
2 Perform the steps detailed in
3 Go to "Starting the Windows

Configuring the MS and ES for DAC

1 Create a keystore file containing a unique key, signed certificate, and a CA certificate that is required
for SSL communication.
a On the Sentriant AG MS, enter the following command at the command line:
/usr/local/nac/bin/createRemoteDACCertificate
b When the command completes, copy the DAC_keystore file (from
specified) to
c After copying the
the MS.
NOTE
Note that for each remote DAC host, this step must be repeated as each host should have its own unique key.
2 Add a firewall rule to the ES or ESs to which the DAC host will be sending packets. On each ES:
a Enter the following command to dump the Lokkit iptables chain:
iptables -nvL RH-Lokkit-0-50-INPUT --line-numbers
b Add a rule AFTER the RELATED, ESTABLISHED rule. The rule numbers are listed in the first
column of the output from the previous statement. For example, if the RELATED, ESTABLISHED
rule is rule 5, the INSERT command would look like the following:
iptables -I RH-Lokkit-0-50-INPUT 6 -p tcp --dport 8999 -s <DAC host IP> -m
state --state NEW -j ACCEPT
If you want this addition to survive a reboot, you must use the
dump the iptables ruleset to
/sbin/iptables-save > /etc/sysconfig/iptables

Adding Additional ESs

For this release, if you want to add additional ESs, you must install them manually. A future release will
expand the options in the installer to include multiple ESs. To add additional interfaces to the DAC host:
Windows server
280
"Configuring the MS and ES for DAC" on page
Service".
C:\Program Files\Extreme\DAC\lib\
file from the MS, delete the file from its temporary location on
DAC_keystore
/etc/sysconfig/iptables
280.
or wherever you
/tmp
.
iptables-save
with the following command:
Sentriant AG Software Users Guide, Version 5.3
command and