CentOS 7 is not supported by Wanguard 8.4 or newer!
Wanguard and Wansight can be installed quickly and easily with the YUM package manager. The software runs exclusively on 64-bit Intel or AMD architectures. All packages were tested on a stock CentOS 7.x. CentOS Linux 7 has reached end of life (EOL) in June 2024!
| USER GUIDES: | Wanguard 8.3 User Guide |
| Wansight 8.3 User Guide |
| CONSOLE INSTALLATION STEPS: |
Step 1. Install the Andrisoft repository First, make sure that the Andrisoft repository is installed. [root@localhost ~]# rpm -Uvh https://www.andrisoft.com/files/redhat7/WANrepo-8.3-0.noarch.rpm
[root@localhost ~]# yum update Step 2. Install the packages Install the WANconsole package and its dependencies. Configure and start ntpd to prevent clock de-synchronization issues. [root@localhost ~]# yum install epel-release
[root@localhost ~]# yum install WANconsole [root@localhost ~]# systemctl restart ntpd [root@localhost ~]# yum install php-pecl-radius Step 3. Configure the MariaDB service MariaDB is a drop-in replacement for MySQL. Start MariaDB and set a password for the root database user. If you will deploy Sensors or Filters on remote systems, make sure that the MariaDB server is accessible by opening port TCP/3306 in the firewall. [root@localhost ~]# mkdir -p /etc/systemd/system/mariadb.service.d/
[root@localhost ~]# nano /etc/systemd/system/mariadb.service.d/limits.conf #add [Service] and in a new line LimitNOFILE=10000 [root@localhost ~]# systemctl daemon-reload [root@localhost ~]# nano /etc/my.cnf #set max_allowed_packet=256M, max_connections=1000, open_files_limit=5000 and add skip-name-resolve in the [mysqld] section [root@localhost ~]# systemctl start mariadb [root@localhost ~]# mysql_secure_installation [root@localhost ~]# systemctl start mariadb [root@localhost ~]# systemctl enable mariadb [root@localhost ~]# firewall-cmd --permanent --add-service=mysql [root@localhost ~]# systemctl restart firewalld Step 4. Configure the Apache service Disable SELinux and configure the firewall to open port TCP/80 and TCP/443. [root@localhost ~]# nano /etc/php.ini #set date.timezone in the [Date] section, according to http://php.net/manual/en/timezones.php
[root@localhost ~]# systemctl enable httpd [root@localhost ~]# systemctl restart httpd [root@localhost ~]# setenforce 0 ; nano /etc/selinux/config #set SELINUX=disabled [root@localhost ~]# firewall-cmd --permanent --add-service=http [root@localhost ~]# firewall-cmd --permanent --add-service=https [root@localhost ~]# systemctl restart firewalld Step 5. Install the database Finish installing the Console by running the /opt/andrisoft/bin/install_console script. Enter the MySQL root password you set on step 3 and set a password for a new database named "andrisoft". In CentOS 7, the recommended database storage engine is MyISAM. [root@localhost ~]# /opt/andrisoft/bin/install_console
[root@localhost ~]# systemctl restart httpd Step 6. Configure the Supervisor The WANsupervisor daemon must be installed and started on all systems. You have to run the /opt/andrisoft/bin/install_supervisor script to enter the Console's IP address and database password you set on step 5. [root@localhost ~]# /opt/andrisoft/bin/install_supervisor
[root@localhost ~]# systemctl start WANsupervisor [root@localhost ~]# systemctl enable WANsupervisor Step 7. Install InfluxDB Install influxdb from https://portal.influxdata.com/downloads or from the link listed below and execute /opt/andrisoft/bin/install_influxdb to initialize the influxdb database. [root@localhost ~]# wget https://dl.influxdata.com/influxdb/releases/influxdb-1.8.10.x86_64.rpm
[root@localhost ~]# yum localinstall influxdb-1.8.10.x86_64.rpm [root@localhost ~]# cp /etc/influxdb/influxdb.conf /etc/influxdb/influxdb.conf.backup [root@localhost ~]# cp /opt/andrisoft/etc/influxdb.conf /etc/influxdb/influxdb.conf [root@localhost ~]# systemctl restart influxdb [root@localhost ~]# /opt/andrisoft/bin/install_influxdb Step 8. Access the Console The Console web interface is accessible by pointing your web browser to http://<hostname>/wanguard or http://<hostname>/wansight, where <hostname> is the name of the server running the Console. The default username is "admin" with the password "changeme". It is highly recommended to install an SSL certificate in Apache to be able to connect securely to Console via HTTPS. |
| SENSOR INSTALLATION STEPS: |
Step 1. Install the Andrisoft repository Install the Andrisoft repository. On the Console server the Sensor is already installed so you don't need to follow the installation steps listed below. [root@localhost ~]# rpm -Uvh http://www.andrisoft.com/files/redhat7/WANrepo-8.3-0.noarch.rpm
[root@localhost ~]# yum update Step 2. Install the packages Install the WANsensor package and its dependencies. Configure and start ntpd to prevent clock de-synchronization issues. [root@localhost ~]# yum install epel-release
[root@localhost ~]# yum install WANsensor [root@localhost ~]# systemctl start ntpd [root@localhost ~]# systemctl enable ntpd Step 3. Configure and start the Supervisor This step is required if you haven't previously installed and configured WANsupervisor on the target system. In order to configure the Supervisor, you have to run the /opt/andrisoft/bin/install_supervisor script to enter the Console IP address and database password. [root@localhost ~]# /opt/andrisoft/bin/install_supervisor
[root@localhost ~]# systemctl start WANsupervisor [root@localhost ~]# systemctl enable WANsupervisor Step 4. Setup the Sensor Log into the Console to setup the Sensor(s). Sensors are started, monitored and stopped by the WANsupervisor daemon, so make sure the WANsupervisor service is always running. |
| FILTER INSTALLATION STEPS: |
Step 1. Install the Andrisoft repository Install the Andrisoft repository if it's not already installed. [root@localhost ~]# rpm -Uvh http://www.andrisoft.com/files/redhat7/WANrepo-8.3-0.noarch.rpm
[root@localhost ~]# yum update Step 2. Install the packages Install the WANfilter package and its dependencies. Configure and start ntpd to prevent clock de-synchronization issues. [root@localhost ~]# yum install epel-release
[root@localhost ~]# yum install WANfilter [root@localhost ~]# systemctl start ntpd [root@localhost ~]# systemctl enable ntpd Step 3. Configure and start the Supervisor This step is required if you haven't previously installed and configured WANsupervisor on the target system. In order to configure the Supervisor, you have to run the /opt/andrisoft/bin/install_supervisor script to enter the Console IP address and database password. [root@localhost ~]# /opt/andrisoft/bin/install_supervisor
[root@localhost ~]# systemctl start WANsupervisor [root@localhost ~]# systemctl enable WANsupervisor Step 4. Remove local firewall rules The firewalld service overrules the Filter, and therefore has to be stopped. The Filter will manage the firewall rules. [root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# systemctl stop firewalld Step 5. Setup the Filter Log in to the Console to set up Filter(s). Filters are started, monitored and stopped by the WANsupervisor daemon, so make sure the WANsupervisor service is always running. |