📄️ Supported Environments
Secfense User Access Security Broker is deployed as a virtual appliance (using OVA format) and works with most current hypervisors, including VMware, Hyper-V or Proxmox.
📄️ Supported Browsers
Secfense Broker interfaces with users via web browsers. At the moment, we consider the following web browsers (in their latest available versions) as supported:
📄️ Installing the Broker
Note: all default passwords are listed in this article.
📄️ Default passwords
Out of the box, the following users, with their assigned default passwords, can administer the Broker:
📄️ Clustering the device
Please note – it is strongly advised to use separate hypervisors for each Secfense Broker instance that will be part of the cluster.
📄️ Enabling VRRP
Secfense Broker can use the Virtual Router Redundancy Protocol (VRRP) to create a single IP address that serves as a Virtual IP in front of clustered devices, allowing them to work in an active/standby setup.
📄️ Software Upgrade
Important: Before upgrading the device, we recommend performing a backup of your device. The procedure is described in this guide.
📄️ Installing Hotfix
A Hotfix is a temporary solution to an issue that is limited to a single customer and is usually related to how a certain application is protected.
📄️ Deployment
(type, instruction, success factors)
📄️ Network configuration for typical deployments
These instructions are aimed at a single protected application. To add more applications, follow these steps for each deployment.
📄️ Account hardening
(adding MFA to administrator panel)
📄️ Licensing the device
To obtain information about your current license (expiration date and user limit), go to Settings and scroll down to the bottom of the page to the "Licensing" section.
📄️ GUI Overview
This section will briefly explain the available screens and their typical use within the Secfense Broker GUI. Please note that this relates to the full view, which is designed for Super Admin users. Support users will see a less detailed GUI, limited only to the parts necessary for them to fulfill their role.
📄️ CLI Overview
Secfense Broker Command Line Interface is available on port 22 via SSH protocol. Although a wide range of configuration and diagnostic options is available, only a subset is required to properly administer the device and troubleshoot any potential issues.
📄️ "Debug Mode"
Secfense Broker employs a couple of features that can aid in getting familiar with the configuration and traffic flow. Such features are especially helpful when troubleshooting needs to be done.
📄️ Elastic Logging
Secfense Broker uses Elastic Logging to present information on production events. Logs are collated and saved in the `/secfense/app/logs` folder. Logs in this format will also be sent to an external log collector (e.g. SIEM systems) when configured during deployment.
📄️ Password Policy
All passwords created within Secfense Broker (for Administrators, Support, etc.) must adhere to the following password policy requirements:
📄️ Quick Start
This part will present a basic scenario of an "inline with load balancer" application hardening. The application that would be hardened is irrelevant; however, it is important to note that, out of the box, the application is only configured to accept a username and password. We will use Secfense Broker to harden it with FIDO2-compliant multi-factor authentication.