Now Available: Technical Preview of Astaro Endpoint Security

Hi all,

with version 8.165 I'm glad to announce that we added a technical preview for our upcoming endpoint security product.
Please make sure that you install a fresh ISO of 8.165, as the up2date from 8.164 to 8.165 will not work correctly due to some missing RPMs.

Endpoint Security will show up in WebAdmin once you do on the ASG console:

touch /var/sec/chroot-httpd/var/webadmin/show_epp
/etc/init.d/httpd restart

With Astaro Endpoint Security (AES) you are able to control all sorts of ports on PCs, laptops and servers to build access policies for those devices. Setup is easy:

1. Enable Astaro Endpoint Security with a view clicks.
2. Download the Astaro Security Agent (Endpoint Security -> Agent Deployment -> Deploy Agent)
3. Install the MSI package on your endpoint machine(s)
4. Choose a policy to deploy (Devices & Port Control -> Global)
5. Enjoy!

Check it out and don't hesitate to post your feedback on the UBB or feature.astaro.com!

Cheers,
Eric

Parents

0 wingman over 13 years ago

Hi Eric

Should the Endpoint Security section be reflected on the Dashboard under the "Current system configuration" section ?
Thanks
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 ebegoc over 13 years ago in reply to wingman

Hi Eric

Should the Endpoint Security section be reflected on the Dashboard under the "Current system configuration" section ?
Thanks

It will be - not yet in the preview [;)]

Thanks
Eric
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 x-tec over 13 years ago in reply to ebegoc

do i need a public ip adress to get this feature to work? (my beta Firewall has only a private Adress behind my main Astaro)
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 ebegoc over 13 years ago in reply to x-tec

Hi,

no you don't need a public IP address to test the endpoint security. If you are in the same network, your endpoints will find the beta ASG without the broker service. However, you need access to the internet so that the ASG can register to the broker service (required for agent setup)...

/eric
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 x-tec over 13 years ago in reply to ebegoc

Here is a Packetfilter-Log line from my Main Astaro.

15:05:19 Default DROP TCP 79.125.115.13 : 50928 → 93.244.179.175 :21378
[SYN] len=60 ttl=50 tos=0x00

i think my Beta Astaro has to have a public IP, since the connection will be initiated by the broker-side
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 x-tec over 13 years ago in reply to ebegoc

Here is a Packetfilter-Log line from my Main Astaro.

15:05:19 Default DROP TCP 79.125.115.13 : 50928 → 93.244.179.175 :21378
[SYN] len=60 ttl=50 tos=0x00

i think my Beta Astaro has to have a public IP, since the connection will be initiated by the broker-side
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 ciederan over 13 years ago in reply to x-tec

i think my Beta Astaro has to have a public IP, since the connection will be initiated by the Brocker-side

You are correct, your inner ASG must have public IP because:

step 1: Inner ASG connects to broker (https://eps.geo.astaro.com) on port 443 to tell about its presence.
(This request must be made from a public ip, because on step #2 broker will connect to this ip)

step 2: Broker connects to your inner ASG on port 21378 (to forward clients request)

(Note: you can set on your gateway a SNAT + DNAT rule to forward your inner ASG)
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel