Versions Compared

Old Version 35

changes.mady.by.user Former user

Saved on

compared with

New Version 36

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Note

This topic only applies to Armor Complete users who are account administrators and new to the Armor Management Portal (AMP).

...

Expand
titleStep 5: Enable and Install Your SSL/VPN Access 
Note

If you run Ubuntu 16.x, then please review Install SSL VPN Client for Ubuntu 16.x.

If you run Ubuntu 18.x, then please review Install SSL VPN Client for Ubuntu 18.x.

If you run Mac OS 10.11 or higher, then please review Install SSL VPN Client for Mac OS, version 10.11 and higher.

Note

For Account Administrators only.

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure
  2. Click SSL VPN
  3. Click Members.
  4. Click the plus ( + ) icon.

  5. In the field, enter and select the name of the user, or their email address.

  6. Mark the desired data center or data centers that the user can connect to.

  7. Click Submit.

    • The newly added user will appear in the table; the table is organized in alphabetical order, based on the first name of the user. 
  8. Click Client
  9. Click Download SSL VPN client
    • AMP will automatically detect your operating system; however, you can click Download for another platform to view other operating system options.
    • When you open the client, follow the on-screen installation instructions. 

    • For Windows users, the client will download as a .zip file.

      • Extract the installation files to your local hard drive.
      • Launch the installer.exe file to begin the installation. 

      For Mac OS users, the client will download as a .tgzfile.

      • Extract the installation files to your local hard drive.
      • Access the mac_phat_client folder, and then run the naclient.pkg installer. 
      • When you run the installer, you will see an error regarding the certificate. Click Continue. (In a future release, Armor will resolve the issue.)
      • To launch the SSL VPN client, in your Applications folder, search for naclient.
      • If you run Mac OS 10.11 or higher, then please review Install SSL VPN Client for Mac OS, version 10.11 and higher
  10. After installation, open the client.
    • In the drop-down menu, default will be listed. 



  11. Click Settings.
    • To add a new connection, you must enter a Connection Alias, Hostname/IP Address, and Port, which you can find in AMP. 



  12. Return to AMP, specifically to the Client section of the SSL VPNscreen.

  13. Use the Client Configuration table to locate the data center and corresponding information to add to the client. 



  14. Under Client Configuration, copy the Location information, and then paste that information into Connection Alias.
  15. Under Client Configuration, copy the HOST/FQDN information, and then paste that information into Hostname/IP Address.
  16. Under Client Configuration, copy the Port information, and then paste that information into Port.
  17. Click Add.
  18. Click OK.
  19. In the drop-down menu, select the newly created connection.
  20. Log into the client.
    • Your SSL VPN login credentials are the same credentials you use to access the Armor Management Portal (AMP). 
Expand
titleStep 6: Create A Firewall Rule with A New IP Address Group

Step 1: Create an IP Group

In the Firewall screen, each entry in the table represents a single firewall rule; however, each firewall rule can contain several IP addresses or just a single IP address. 

You can combine related IP addresses into a single IP Group. For example, if you want to block traffic from three separate IP address, you do not have to create three separate firewall rules. Instead, you can combine the three separate IP addresses into a single, configurable IP Group. Then, when you create a firewall rule, you can pick the newly created IP Group as your Source or Destination IP addresses.

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security

  2. Click Firewall

  3. If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.  

  4. Click IP Groups
  5. Click Actions, and then click New Group
  6. In IP Group Name, enter a descriptive name. 
    • Armor recommends that you add Source or Destination into the name of the IP Group to help you identify the IP Group as the Source or Destination IP group. 
  7. In Add Members To Group, enter a member, and then click the plus icon.
    • You can enter:
      • A single IP address
      • A range of IP addresses
      • CIDR
    • You must add at least one member. 
    • You can add multiple members to a service group. 
  8. Click Apply
    • The newly created IP group will appear at the bottom of the table. 

Step 2: Create a Service Group

In the Firewall screen, each entry in the table represents a single firewall rule; however, each firewall rule can contain several protocols (and ports).

You can combine related protocols (and ports) into a Service Group. For example, if you want to create a firewall rule to block three types of traffic, you do not have to create three separate firewall rules. Instead, you can combine the three types of traffic (protocols and ports) into a single, configurable Service Group. Then, when you create a firewall rule, you can pick the newly created Service Group.

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security

  2. Click Firewall

  3. If you have virtual machines in various data centers, then in the top drop-down menu, select the desired data center.  

  4. Click Service Groups
  5. Click Actions, and then click New Group.  
  6. In Service Group Name, enter a descriptive name. 
  7. In Add Members To Group, enter the service or sub-protocol, and then click the plus ( + ) icon. 
    • You must add at least one member. 

    • You can add multiple members to a service group. 

      Service or sub-protocol

      Notes

      Example

      Services (TCP, UDP, etc.)

      You must enter a port number.

      These services are not case-sensitive.

      • tcp/80
      • TCP/80
      • Tcp/80
      • tCp/80
      Additional services (AARP, AH, etc.)

      These additional services are not case-sensitive.

      Do not enter a port number with these additional services.

      • ATALK
      • igmp
      • Gre
      Sub-protocols (echo-reply, redirect, etc.)

      You must enter icmp, followed by the specific sub-protocol.

      You must enter the sub-protocol in lower-case letters.

      Do not enter a port number.

      • icmp/source-host-isolated
      • icmp/time-exceeded
  8. Click Apply
    • The newly created service group will appear at the bottom of the table. 

For a complete list of supported services and sub-protocol, see Review supported services and sub-protocols.


Step 3: Create a Firewall Rule 

  1. In the Armor Management Portal (AMP), on the left-side navigation, click Security

  2. Click Firewall

  3. If you have virtual machines in various data centers, then in the top menu, click the corresponding data center. 

  4. Click Actions, and then click New Rule

    • If you do not see Actions, then click Create a Firewall Rule
  5. In Name, enter a descriptive name. 
  6. In Action, select Allow to allow specified traffic to access your virtual machine or Block to block specified traffic. 
  7. Under Service, enter and select the name of the desired Service Group.
  8. Under Source, enter and select the name of the desired IP Group.
  9. Under Destinations, in the field, enter and select the name of the desired IP Group.
  10. Click Save Rule

After you create a rule, Armor recommends that you place the rule in the correct order.

Note

If you are not familiar with ordering rules, contact Armor Support to help you properly order your firewall rules. It is extremely important to order rules in order to receive desired traffic.

To learn how to send a support ticket, see Support Tickets.

Reorder a Rule:

  1. Under Rule, in the numbered fields, enter a number to move the rule to a different position. 
    • If you have more than 25 rules, the additional rules will be placed in a secondary section within the Firewallscreen. To reorder and move these additional rules into a higher position, enter a number under the Ordercolumn, and then press Enter on your keyboard. 
  2. In the top menu that appears, click Save.

Disable a Rule:

  1. Locate and hover over the desired rule.
  2. Click the vertical ellipses.
  3. Click Disable Rule.
  4. Click Disable Rule again.
  5. In the top menu that appears, click Save.
Expand
titleStep 7: Create A Role and Add Permissions

In the Armor Management Portal (AMP), roles are similar to job titles that you can create and assign to your users. You can populate these roles with certain permissions. For example, you can create an Audit role, and then you can add specific permissions that will give the assigned user permission to access audit-related features.

By default, a new administrator account contains an Admin role with all the available permissions selected. 

When you create a new user account, you must assign that user a role. You can assign a default role or create a new role. 

Note

There are three default permissions in AMP: 

  • Admin contains every permission in AMP.
  • Technical contains mostly write-only permissions. 
  • Billing contains mostly read-only permissions.

If you want to use a default role, then you can skip to Step 8: Create An User and Assign A Role

Expand
titleStep 8: Create An User and Assign A Role

Insert excerpt
ESLP:Invite a new user (snippet)
ESLP:Invite a new user (snippet)
nopaneltrue

Note

Repeat Step 8: Create An User and Assign A Role for every user you want to invite.

Expand
titleStep 9: Enable SSL/VPN Access for Your Users

Insert excerpt
ESLP:Enable SSL/VPN for your user (snippet)
ESLP:Enable SSL/VPN for your user (snippet)
nopaneltrue

Expand
titleStep 10: Subscribe to Data Center Notifications

Insert excerpt
ESLP:Subscribe to data center notifications (snippet)
ESLP:Subscribe to data center notifications (snippet)
nopaneltrue

Expand
titleStep 11: Configure Your Notification Preferences

Armor recommends that you configure your account to receive notifications for Account, Billing, and Technical events.

Note

These notification preferences do not relate to support tickets.

To update your notification preferences for support tickets, see Support Tickets.

Account

You will receive a notification when:

  • A password expires in 14 days.
  • A password expires in 7 days.
  • A password expires in 24 hours.
  • A password has expired.
Billing

You will receive a notification when:

  • An invoice has posted. 
  • An invoice is past due (2, 10, 15, 25, and 30 days).
  • A payment method will soon expire (1, 15, and 30 days).

You can configure a user to become the primary billing contact for an account. This user will receive billing notifications. Additionally, this user will be listed in the Bill to field in an invoice. 

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Account.
  2. Click Users
  3. Locate and hover over the desired user. 
  4. Click the vertical ellipses. 
  5. Select Set as Primary Billing Contact
  6. Click OK
Technical

You will receive a notification when:

  • A virtual machine will be deleted or downgraded.
  • CPU, disk, and memory utilization is at more than 90% for 5 minutes.
  • Ping, SSH (Linux), or RDP (Windows) fails for 5 minutes.
Note

You can only change the notification preferences for your own account. You cannot change the notification preferences for other user accounts.

  1. In the Armor Management Portal (AMP), in the top, right corner, click the vertical ellipses.
  2. Click Settings
  3. Click Notification Preferences.
  4. Use the slider to make your desired changes.
    • Select Alert to receive notifications in the top bar in the Armor Management Portal (AMP). 
    • Select Email to receive notifications through email. 
    • You can select both notification options.
  5. Click Update Notification Preference to save your changes.