Server communication matrix


Each server that runs a Wanguard Sensor, a Wansight Sensor or a Wanguard Filter must keep an always-on connection with its associated Console.

Best practices when deploying software components on remote servers:
  • An "event log" record is generated each time a remote system becomes unavailable. Enable Event Reporting in Configuration » Schedulers » Events Reporting to get automatic notifications about critical event log entries such as these, by email, syslog or SNMP.
  • The WANsupervisor service exits, generating a syslog error, when the MySQL server of the Console becomes unavailable. Use a tool like daemontools, monit, etc. to make sure that the WANsupervisor service is restarted after a network error. Distributions that use systemd restart this service automatically.
  • If possible, connect the servers using out-of-band links (e.g. management ports belonging to a management vlan with private IP addresses).
  • Use BGP blackholing, or configure the Filter to block attacks that might congest the network connection to the Console server.

Communication between servers takes place solely over MySQL, MySQL over SSL, or NFS (see the next paragraph). If you use multiple servers, make sure that TCP port 3306 (MySQL) is allowed through the firewall.

For performance reasons, Flow Sensor saves flow data on its own server, and Packet Sensor also saves packet dumps locally. To list flows, generate tops for flows, or inspect packet dumps from the user interface, each remote server must export a path to the Console server using NFS. The configuration of NFS is explained in the KB article "NFS configuration for remote servers". Collecting flows and packet dumps is optional.
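
The TCP port 3306 requirement above can be scoped so that the Console accepts MySQL connections only from its Sensor and Filter servers. The following is an added example, not Andrisoft's code: a shell function that prints iptables-restore rules for the Console server. The function names and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: print iptables-restore rules for the Console server that
# allow MySQL (TCP 3306) only from known Sensor/Filter servers.
# Function names and sample addresses are constructed, not from the product.

MYSQL_PORT=3306

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, bad chars, stray dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print a filter-table fragment: one ACCEPT per allowed source address, then
# a DROP for any other non-loopback source. Every address is validated before
# anything is printed, so a typo never yields a partial rule set.
console_mysql_rules() {
    for src in "$@"; do
        is_ipv4 "$src" || { echo "invalid address: $src" >&2; return 1; }
    done
    echo "*filter"
    for src in "$@"; do
        echo "-A INPUT -p tcp -s $src/32 --dport $MYSQL_PORT -j ACCEPT"
    done
    # Loopback is left alone so software on the Console can still use MySQL.
    echo "-A INPUT ! -i lo -p tcp --dport $MYSQL_PORT -j DROP"
    echo "COMMIT"
}

# Constructed sample: two remote servers on a management network.
console_mysql_rules 192.0.2.11 192.0.2.12
```

Review the printed rules against the existing ruleset before loading them on the Console, for example with `iptables-restore --noflush`, which appends them without flushing the current rules.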


Author
Andrisoft Team
Date Created
2014-02-07 10:15:16
Date Updated
2017-11-29 23:57:01