Initial configuration

Once the FlowPro appliance has been deployed, power it on and log into the console using the credentials root:plixer. The appliance will then reboot following a quick initialization sequence.

Note

  • For hardware appliances, SSH to 192.168.168.168/24 using the credentials plixer:flowpro instead. KVM appliances should run virsh console Plixer FlowPro and log in with the credentials plixer:flowpro.

  • Before proceeding, review these pre-deployment notes and complete the licensing process.

After the reboot, log in again and follow the initial setup script (~/flowpro/setup.sh) prompts:

  1. Review and accept the EULA.

  2. Configure the networking properties and user credentials for the appliance:

    • Appliance hostname (must be a fully qualified hostname)

    • Static IP address (must match the address registered for the probe in Scrutinizer)

    • CIDR (mask only - 8, 16, etc.)

    • Gateway

    • DNS IP

    • New password for the root user

    • New password for the plixer user

  3. Wait for the appliance to reboot, and then SSH to the IP address entered as the plixer user with the new password.

  4. Provide the following Scrutinizer details:

    • Current password for the plixer user

    • IP address of the Scrutinizer server (or the primary reporter in distributed clusters)

    • Destination collector address (either same standalone server as above, a remote collector in a distributed cluster, or a Replicator instance)

    • Authentication token generated by Scrutinizer

  5. Enter the following details to generate a new SSL certificate:

    • Country name: 2-letter country code

    • State or province name: Complete state or province name

    • Locality name: Complete locality or city name

    • Organizational unit name: Section

    • Common name: Server FQDN or your name

    • Alternative DNS name 1 (press Enter to stop adding)

  6. Select whether the appliance can access the Internet or to continue the setup locally, and then follow the additional instructions.

  7. [Optional] Configure a SPAN/mirror session:

    • Specify the Rx and Tx monitor interfaces (e.g., mon1, mon2, etc.) on the appliance that will be receiving the traffic.

    • Select to apply FlowPro analytics for the monitored traffic.

  8. [Optional] Configure ERSPAN:

    • IP address to assign to a monX interface

    • Source IP

    • Destination IP

    • ERSPAN ID and key

    • Select to apply FlowPro analytics for the monitored traffic.

  9. [Optional] If a FlowPro key has not been entered via the Scrutinizer web interface, select Yes to enter it when prompted.

  10. Enter the address of the NTP server to use for clock-syncing.

After the above steps have been completed, Scrutinizer should start receiving flow data from an exporter with the FlowPro appliance’s local MGMT interface address.

Note

The setup script automatically generates both a self-signed certificate and a certificate signing request (~/flowpro/server.csr). After getting the request signed by a certificate authority, overwrite the existing ~/flowpro/server.crt. To continue using the self-signed certificate, navigate to https://<FLOWPRO_MGMT_IP>:8080 on each user browser and accept the security exception.

Setup utility runmodes

After the initial setup process, ~/flowpro/setup.sh can be manually executed to re-run the entire setup utility or access specific configuration services using the optional flags below:

sudo ./setup.sh [OPTION]

Reset /home/plixer/flowpro/flowpro-settings.yaml to its default state

--reset-config

Back up the current configuration

--reconfigure

Register all interfaces as monX interfaces

--monitor-ports

Configure exporter settings, including MGMT IP, Scrutinizer server/reporter IP, collector IP, and authentication token; configure Kafka is ML Engine ETA IP is provided

--exporter-config

Configure SSL certificate details and re-create the self-signed certificate and certificate signing request

--cert-generation

Pull Suricata image from Dockerhub and set up Docker environment (also supports offline setup with a local Docker image)

--container-setup

Configure ERSPAN settings

--erspan-config

Reset firewall settings to default

--firewall-mgmt

Configure Rx and Tx interface pairs for monitoring

--create-observation-point

Add/edit a FlowPro key (written to /etc/nprobe.license)

--set-apm-key

Configure NTP server details (written to /etc/ntp.conf) and restart the service

--set-ntp

FlowPro service management

The FlowPro service is managed using the following command:

service flowpro [start|stop|restart]