UpPrevious Next
Sheriff CSM™
Duplicating Firewall Rules in Sheriff CSM Standard Sensors (Deputies)
Whenever you add one or more Sheriff CSM Standard Sensors to the Sheriff CSM Standard Server in a system, you must add server-specific firewall rules to the Sensors. This preserves the ability to execute remote scans.
This topic describes how to add firewall rules and also how to disable them when you need to disable HA, for example, during an upgrade.
Adding Server-Specific Firewall Rules to Sensors
To add server-specific firewall rules to the Sensors
-
On each Sheriff CSM Standard Sensor, enter the following command, even if not all Sensors are part of the HA configuration:
sheriff-ha-assistant –f <master_server_ip> <slave_server_ip>
Removing Firewall Rules from Sensors
To remove firewall rules from Sensors when HA has been disabled in the servers
Restoring Firewall Rules in Sensors
When you disable an HA connection between two Sheriff CSM Standard Sensors at the same level, it disables all HA firewall rules, not only in that location, but also among Sensors at the upper level. For this reason, you must restore the firewall configuration after any HA disablement.
To restore the firewall configuration on the Sensors