Configuring SiteProtector split writing

Use the SiteProtector Split Writing page to configure options that enable the Network IPS appliance to report events to two SiteProtector™ systems (primary and secondary) simultaneously for event backup.

Before you begin

To enable this feature, you must complete the following tasks:

  1. Register the Network IPS appliance with a primary SiteProtector system by configuring options from the Network IPS Local Management Interface (LMI) at Manage System Settings > Appliance > SiteProtector Management.
  2. Enable a secondary SiteProtector system by configuring options from the SiteProtector system at Policy > Split Writing.

About this task

The primary SiteProtector system manages the Network IPS appliance and reports events from the appliance. For robust management, you can configure the appliance to register with a SiteProtector system that has multiple Agent Managers. To add multiple Agent Managers for the primary SiteProtector system, see the procedure in Configuring SiteProtector Management in the Network IPS Local Management Interface to configure options for each Agent Manager that you want to add to the list of Agent Managers. The appliance can communicate with only one Agent Manager at a time. When the appliance loses communication with the current Agent Manager, the appliance moves to the next Agent Manager in the list.

The secondary SiteProtector system handles event backup, but does not manage the appliance if the appliance can still communicate with the primary SiteProtector system. For added robustness, you can configure the appliance to register with a secondary SiteProtector system that has multiple Agent Managers. To add multiple Agent Managers for the secondary SiteProtector system, follow the procedure in this topic. The appliance reports events to one Agent Manager at a time. When the appliance fails to report to the current Agent Manager, the appliance moves to the next Agent Manager in the list.

When the appliance is registered to the primary SiteProtector system and is configured for split writing, the primary SiteProtector system manages the appliance and reports events to both the primary SiteProtector system and the secondary SiteProtector system. If the primary SiteProtector system fails, the secondary SiteProtector system takes over management duty from the primary SiteProtector system. The appliance uses the existing group policy that is configured for the secondary SiteProtector system.

If the primary SiteProtector system recovers from the communication failure, appliance management does not automatically revert to the primary SiteProtector system. To establish communication with the primary SiteProtector system, take one of the following actions:
  1. Register the Network IPS appliance to the primary SiteProtector system again by configuring options from the Network IPS LMI at Manage System Settings > Appliance > SiteProtector Management.
  2. Disable the split writing feature from the SiteProtector system at Policy > Split Writing.
Important: The cryptography level for SiteProtector registration also applies to split writing. Make sure that the cryptography level for the secondary SiteProtector system is compatible with the cryptography level that you configured when you registered the Network IPS appliance with the primary SiteProtector system.

Procedure

  1. From the SiteProtector system, select Policy > Split Writing.
  2. Click the SiteProtector Split Writing tab, and select the Enable SiteProtector Split Writing check box.
  3. Configure the following options for the secondary SiteProtector system:
    Option Description
    Local Settings Override SiteProtector Group Settings The appliance maintains all local settings. Any group policy settings that are set in the secondary SiteProtector system do not affect this appliance.
    Note: If you do not select this option, the appliance inherits the settings of the secondary SiteProtector system group that you specify at the first heartbeat.
    Desired SiteProtector Group for Sensor The name of the secondary SiteProtector system group to which the appliance belongs.
    Important: Assign the appliance to a group that contains only other Network IPS appliances.
    Heartbeat Interval (secs) Type the number of seconds that the appliance waits between sending heartbeats to the secondary SiteProtector system.
    Note: Valid entries are 300 - 86,400 seconds.
  4. In the Agent Manager Configuration area, click the Add icon and configure options for each Agent Manager that you want to add to the list of Agent Managers:
    Option Description
    Authentication Level Specifies the level of trust.
    Note: The default option first-time-trust is the best choice for most environments.
    Agent Manager Name Lists the Agent Manager name exactly how it is displayed in the secondary SiteProtector system (case-sensitive).
    Agent Manager Address Lists the IP address of the Agent.
    Note: This entry supports IPv4 and IPv6 addresses.
    Agent Manager Port Specifies the port number where the Agent is; the default value is 3995.
    Note: You can type a new port number, but you must also configure the new port number locally on the Agent Manager itself.
    Use Proxy Settings Specifies whether proxy settings are enabled or not.
    Proxy Server Address Lists the IP address of the proxy server.
    Proxy Server Port Lists the port number of the proxy server.