Most of the information on the System Configuration panel is set by using the CLI at installation time.
For instructions on how to configure the system, or to modify any other System Configuration settings, see Modify the System Configuration.
There must be a valid license to use various functions within the appliance. When a license is entered after the system starts, a restart of the GUI is needed.
Modifying the System Configuration
- Click System Configuration. to open
- Make your changes.
- Click Apply to save the updated system configuration.
|Field or Control||Description|
|Unique Global Identifier||
This value is used for collation and aggregation of data. The default value is a unique value that is derived from the MAC address of the machine. Do not change this value after the system begins monitoring operations.
|System Shared Secret||
Any value that you enter here is not displayed. Each character you type is masked.
The system shared secret is used for archive/restore operations, and for Central Management and aggregation operations. When used, its value must be the same for all units that will communicate. This value is null at installation time, and can change over time.
The system shared secret is used:
Depending on your company’s security practices, you might be required to change the system shared secret from time to time. Because the shared secret can change, each system maintains a shared secret keys file, containing a historical record of all shared secrets defined on that system. This allows an exported (or archived) file from a system with an older shared secret to be imported (or restored) by a system on which that same shared secret has been replaced with a newer one.
Caution: When used, be sure to save the shared secret value in a safe location. If you lose the value, you will not be able to access archived data.
When you enter or change the system shared secret, retype the new value a second time. Any value that you enter here is not displayed. Each character you type is displayed as an asterisk.
|License Key|| The license key is inserted in the configuration during installation. Do not
modify this field unless you are instructed to do so by Technical Support. You might need to paste a
new product key here if optional components are being added.
If you install a new product key on the central management unit, when you click Apply, you will receive a warning message that reads: Warning: changing the license on a Central Management Unit requires refreshing all managed units. After you click OK to close the message window, you must click Apply a second time to install the new product key. You will know that the new license has been installed when you receive the message: Data successfully saved.
If you install a new product key on a Central Management Unit, you might get a warning that states the license applied to the CM must be refreshed on the managed unit. This requires a refresh done from the Central Manager and is done by pressing the refresh icon from the Central Manager to each of the collectors listed.
License entitles user to access products and the corresponding features.
License can be appended or overridden.
Active license is stored in LICENSE_KEY in ADMINCONSOLE_PARAMETER
Product types DAM; FAM; VA
Edition for product types: Express; Standard; Advanced
|Number of Datasources||If a limited license is applied, the maximum number of datasources permitted per datasource license is displayed.|
|Metered Scans Left||If a limited license is applied, the number of vulnerability assessment scans permitted (datasource metering) per metering license is displayed. Each time a vulnerability assessment is triggered, the scan counter decreases by one.|
|License valid until||If a limited license is applied, a fixed date when the license will be disabled is displayed.|
|# of Licenses||This value indicates the number of licenses remaining.|
Note: Configure Network Address, Secondary Management Interface and Routing settings using the CLI
|These settings cannot configured through the GUI and appear grayed-out on the System Configuration user interface.|
|System Hostname||The resolvable host name for the Guardium system. This name must match the DNS host name for the primary System IP Address.|
|Domain||The name of the DNS domain on which the Guardium system resides.|
|System IP Address||The primary IP address that users and S-TAP® or CAS agents use to connect to the Guardium system. It is assigned to the network interface labeled ETH0.|
|SubNet Mask||The subnet mask for the primary System IP Address.|
|Hardware (MAC) Address||The MAC address for the primary network interface.|
|System IP Address (Secondary)||Optional: A port can also be configured to team with the primary interface in
order to provide high-availability failover IP teaming.
Alternatively, a port on the device can be configured as a secondary management interface with a different IP address, network mask, and gateway from the primary.
These two options are mutually exclusive.
There are two different, and mutually exclusive, kinds of secondary management connections, both controlled by options to the same CLI command:
BOTH physical and VM systems have the same capabilities. dependent on the number of NICs installed on the Guardium system or VM.
To display the network interfaces installed on the unit, use the show network interface inventory CLI command. For example:
Member ofwill show which NICs are in a bond pair, if a bonding exists.
To locate the eth connectors on your appliance, use the show network interface port CLI command, which will blink the orange light on that port, 20 times. For example:
guard14.xyz.com> sho net int port 3
The orange light on port eth5 now blinks 20 times.
Note: The secondary IP address and its associated port are NOT related to the high availability feature, which provides fail-over support via IP Teaming for the primary connection. For more information about the high-availability option, see the store network interface commands in the CLI Appendix.
|SubNet Mask (Secondary)||Optional. The subnet mask for the secondary System IP Address.|
|Default Route/ Secondary Route||The IP address of the default router for the system./ The IP address of the Secondary Router.|
|Primary Resolver Secondary Resolver Tertiary Resolver||The IP address for the Primary Resolver (DNS) is required. The secondary and tertiary are optional.|
|Test Connection||Click Test Connection to test the connection to the corresponding DNS (Domain Name System) server. This only tests that there is access to port 53 (DNS) on the specified host. It does not verify that this is a working DNS server. You will receive a message box indicating if the DNS server responded.|
|Stop||Click Stop to shut down the system.|
|Restart||Click Restart to stop and then restart the system. You will be prompted to confirm the action.|
|Apply||Click Apply to save the changes. The changes are applied the next time the system restarts.|