Duplicating Firewall Rules in Sheriff CSM Standard Sensors (Deputies)

Whenever you add one or more Sheriff CSM Standard Sensors to the Sheriff CSM Standard Server in a system, you must add server-specific firewall rules to the Sensors. This preserves the ability to execute remote scans.

This topic describes how to add firewall rules and also how to disable them when you need to disable HA, for example, during an upgrade.

Adding Server-Specific Firewall Rules to Sensors

To add server-specific firewall rules to the Sensors

On each Sheriff CSM Standard Sensor, enter the following command, even if not all Sensors are part of the HA configuration:
```
sheriff-ha-assistant –f <master_server_ip> <slave_server_ip>
```

Removing Firewall Rules from Sensors

To remove firewall rules from Sensors when HA has been disabled in the servers

Run the following command in the Sheriff CSM Standard Sensor(s) to remove the configuration:
```
sheriff-ha-assistant -d
```

Restoring Firewall Rules in Sensors

When you disable an HA connection between two Sheriff CSM Standard Sensors at the same level, it disables all HA firewall rules, not only in that location, but also among Sensors at the upper level. For this reason, you must restore the firewall configuration after any HA disablement.

To restore the firewall configuration on the Sensors

Run the following command in the Sheriff CSM Standard Sensor(s) to restore firewall rules:
```
sheriff-ha-assistant –f <master_server_ip> <slave_server_ip>
```

Topic revision: r5 - 07 Sep 2021, SheriffCyberSecurity

Sheriff

User Guides

Sheriff CSM

Deployment Guide

User Guide