Forum SENTRY Quick Start Manual Download Page 18 | Manualshive

Page: 18 / 20

background image

Forum Sentry Quick Start Guide | 18

V.

Deploying a REST API – Building a REST Policy

A REST policy in Sentry is a set of rules that provide a policy for processing of RESTful Web Service requests
and responses flowing through the system.

Unlike a SOAP API, there is no WSDL to import into Sentry. Building a REST policy in Sentry is very similar to
building an XML, JSON, or HTML policy. The steps are essentially the same for all of them.

The steps below provide an outline for building a Sentry REST Policy. For more information and detailed
instructions please review the

XML

Policies Guide

available through the Help menu in the WebAdmin interface.

1. Creating the REST Policy

1. Under the Gateway >> Content Policies menu, click on REST Policies. Click new to start the wizard

to build the REST policy. Provide a Name, Description (optional), and Label (optional) for the REST
policy, click

Next

.

•

Select or build the Listener policy - The listener policy is the IP and Port that Sentry will
listen on for incoming traffic for this REST policy.

•

The “Use Device IP” option selects the WAN IP address (the device IP / host OS machine IP
address) as the listening IP address.

•

The Virtual Directory Path is the path for this REST policy (for the listener URI, this is
everything after the port number).

•

The remote policy is the actual endpoint for the service. This is where Sentry will send the
processed request - after receiving the incoming request and performing the Access
Control, IDP scan, schema validation, and any task processing defined in Sentry.

•

The “Send to remote server” option should be enabled if you want to use this policy in proxy
mode (send the processed request to a back-end service). Disable this option if you want to
use this policy in service mode (the processed request is sent immediately back to the client
– nothing is sent to a back-end service).

2. After entering the appropriate values, click

Next

to create the REST policy.

2. Reviewing the REST Policy and Building Additional Virtual Directories

1. When the REST Policy has been successfully created, the status, the Virtual URI, and the Physical

URI are listed on the screen. You can add multiple virtual directories to the same REST policy and
many use cases will require this.

For instance, many SSO use cases will have a “service mode” /

login

virtual directory that simply

consumes user credentials then sets a cookie and redirects the client to the

/service_path

virtual

directory - which requires cookie authentication. In this case the

/login

directory never proxies to a

remote server.

When a request comes into Sentry, if it does not match a defined virtual directory it will be rejected
(404 virtual directory not found). Using a root virtual directory (

/

) will catch all traffic.

«
...
16
17
18
19
20
»

Summary of Contents for SENTRY

Page 1: ...Forum Sentry Quick Start Guide 1 FORUM SENTRY API SECURITY GATEWAY QUICK START GUIDE V8 9 ...

Page 2: ...ec WebAdmin Forum Systems XML Security Appliance Forum Sentry Forum Presidio Forum XWall Forum Sentry Web Services Gateway Forum Presidio OpenPGP Gateway Forum FIA Gateway Forum XWall Type PCI Forum XWall Web Services Firewall and Forum XRay are trademarks and registered trademarks of Forum Systems Inc All other products are trademarks or registered trademarks of their respective companies Copyrig...

Page 3: ...e WSDL Policy 10 3 Reviewing the WSDL Policy and Enable WSDL Access 11 4 Review the Associated Network Policies 12 IV Testing the Sentry WSDL Policy 13 1 Obtaining SOAPSonar from Crosscheck Networks 13 2 Loading the WSDL into SOAPSonar 13 3 Sending a Request to the Sentry WSDL Policy 15 4 Reviewing Transactions in the Sentry System Log 16 V Deploying a REST API Building a REST Policy 18 1 Creating...

Page 4: ...on for Forum Systems Support II Requirements and Installation 1 Minimum Requirements Software The following are minimum requirements for the Sentry software instances only Operating System Requirements Windows 2000 XP 2003 Vista 2008 7 2012 2012 R2 8 10 Linux running on a 2 4 or later kernel Linux 64bit Solaris x86 10 Minimum Hardware Requirements 1GHz CPU 40GB Hard drive 2GB Ram Virtual Appliance...

Page 5: ...re instances can also be used for upgrading the software instances Installing on Windows 1 Navigate your file system and click on the downloaded installation package 2 The installation package Introduction screen will appear Click Next 3 The License Agreement screen appears 4 Read the product License Agreement terms and conditions To accept the License Agreement check the I accept the terms of the...

Page 6: ...lable at https helpdesk forumsys com 3 Forum Sentry Virtual Appliance Installation Procedures The Forum Sentry virtual appliances run the FIPS certified ForumOS operating system Sentry virtual appliances run within VMware infrastructure An OVA file from Forum Systems is required to install and run the Sentry virtual appliance Some general instructions are included below For detailed installation s...

Page 7: ...rk is properly segmented and that no machines that can access the MGMT network can access the WAN or LAN networks otherwise you will be creating a network loop and can experience network issues The steps below provide a quick outline of installation procedure For detailed instructions and for more details on the networking options please see the Sentry Hardware Installation Guide and if you have a...

Page 8: ...a Browser Access the Sentry WebAdmin interface via browser using the syntax https ip_or_dns_name 5050 You will be prompted for a license see section 6 below After applying a license you are prompted to create a new Admin account After creating the Admin account you are logged into the WebAdmin SSH into the instance using the same IP or DNS name used to access the WebAdmin interface using the Admin...

Page 9: ...you still cannot access the page ensure there are no local firewalls preventing this communication You may also need to adjust your browser s proxy settings and verify that port 5050 is bound and active using netstat After you have created the new administrator user you are logged into the WebAdmin interface The default page is the Getting Started page III Deploying a SOAP API Creating a WSDL Poli...

Page 10: ...rface and navigate to the Gateway Gateway Policies WSDL Policies page 2 Click New to create a new WSDL Policy A WSDL can be loaded via File URL from a UDDI or from an existing WSDL Library 3 The WSDL Policy name will be auto generated based on the URI or Filename fields Once you have chosen your method of importing the WSDL click Next 2 Creating the WSDL Policy 1 On the next screen you will create...

Page 11: ...er receiving the incoming request and performing the IDP scan schema validation and any task processing defined in Sentry The Send to remote server option should be enabled if you want to use this policy in proxy mode send the processed request to a back end service Disable this option if you want to use this policy in service mode the processed request is sent immediately back to the client nothi...

Page 12: ...qaservice qaservice asmx Use this URI to retrieve the WSDL http 192 168 0 14 80 qaservice qaservice asmx WSDL Enter this link into a web browser and verify that the WSDL document is shown This is the newly generated WSDL document from Forum Sentry and will have the Sentry listener policy endpoints as the service port locations such that clients will communicate directly with Sentry as the service ...

Page 13: ...ent IV Testing the Sentry WSDL Policy After creating a WSDL Policy on Sentry administrators will want to test the policy We recommend using the free edition of the SOAPSonar Service Testing tool from Crosscheck Networks to generate the SOAP messages to test the Sentry policies For assistance with SOAPSonar please contact support crosschecknet com 1 Obtaining SOAPSonar from Crosscheck Networks 1 Yo...

Page 14: ...ion to open the default test case that was generated 3 Under Project Tree on the left expand out to see a test case You ll see the Request window open showing the Schema Fields view This allows you to easily enter data for each element of the SOAP request being generated Click on the XML tab to see the auto generated SOAP message from the schema field values provided ...

Page 15: ...o the Sentry WSDL Policy 1 Enter some request data and click the icon to commit the settings Then click the icon to send the request to the Sentry WSDL Policy 2 The response message should show up on the Response tab either below the request window or next to it This is the response message that is coming back from Sentry If the processing is successful on Sentry the request will go from Sentry to...

Page 16: ...try System Log To review or troubleshoot transactions processed by Sentry you will review the Sentry System Log 1 In the WebAdmin interface go to the Diagnostics Logging Settings page 2 Set the System Log Logging Level to DEBUG for testing purposes only 3 Send another request from SOAPSonar to Sentry 4 Access the Sentry System log on the Diagnostics Logging Internal Logs page Select the Today log ...

Page 17: ...r you send a request click the Session ID to show only the log messages for that transaction Then scroll to the bottom to see the first log message Document entered communications layer 7 Going up from there you ll see the incoming request headers the actual request itself and all processing Sentry performs on the request 8 When you see the Sending remote server a processed request message this in...

Page 18: ...the port number The remote policy is the actual endpoint for the service This is where Sentry will send the processed request after receiving the incoming request and performing the Access Control IDP scan schema validation and any task processing defined in Sentry The Send to remote server option should be enabled if you want to use this policy in proxy mode send the processed request to a back e...

Page 19: ... Network Policies page of the WebAdmin interface Here you will see the HTTP Listener and HTTP Remote policies generated while creating the REST Policy A Listener Policy can be of many different protocol types including HTTP FTP MQ EMS sFTP and more A listener policy does the following Defines the IP and Port and the Protocol HTTP HTTPS etc Defines Get Queue to listen for inbound messages MQ EMS JM...

Page 20: ...Lists Task Management Guide 5 Using XML Policies for non SOAP based services XML REST HTML XML Policies Guide 2 Contacting Forum Systems Support Online Helpdesk create support tickets access forums docs FAQs https helpdesk forumsys com Email Support support forumsys com Phone Support 1 781 791 7510 option 2 3 Forum Sentry Documentation Full Sentry Documentation also available through the WebAdmin ...

Reviews:

No comments

Related manuals for SENTRY

Brand: Dinstar Pages: 41

Brand: Nortel Pages: 111

Brand: Actiontec Electronics Pages: 6

Brand: Deb Pages: 4

STHC-ISG02DB-WS433-CL-04

Brand: daviteq Pages: 25

Brand: ioSelect Pages: 160

Brand: Mako Pages: 70

Brand: T-VIPS Pages: 200

Brand: Meraki Pages: 11

Brand: Avaya Pages: 30

Brand: Avaya Pages: 72

HomePortal 3700HGV

Brand: 2Wire Pages: 4

HomePortal 2701HGV

Brand: 2Wire Pages: 21

AWGTY-DGOISG86A0

Brand: AWPLC Pages: 25

Brand: RTA Pages: 74

Brand: RTA Pages: 81

Brand: H3 System Pages: 12

Smart Gateway Professional

Brand: SSS Siedle Pages: 36

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands