To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

PM 10 on Linux questions

SSP
SSP Posts: 5 Security Scout

Hello,

 

I recently set up a PM 10 on a 64-bit Debian with no GUI. I set the ports to the default values, allowing remote connections to the administration module. So I tested from a remote station http://<server-ip>: works, http://<server-ip>/b: works, http://<server-ip:8081&gt; works, http://<server-ip>:8081 gives me a TCP error.

 

I also installed Policy Manager Console, but I am not sure what it is for, is this a X-Window application or a web application?

 

Then I installed a Windows Policy Manager Console trying to connect to the Linux server, but it fails on authentication no matter which user i use.

Comments

  • SSP
    SSP Posts: 5 Security Scout

    Nevermind,

     

    I realized that the username is admin and the password the one I entered during installation. Is there a way to change it after installation?

  • etomcat
    etomcat Posts: 1,172 Firewall Master

    Hello,

     

    F-Secure Policy Manager version 10 allows you to create multiple users for the console.

  • SSP
    SSP Posts: 5 Security Scout

    Thanks.

  • etomcat
    etomcat Posts: 1,172 Firewall Master

    Dear All,

     

    > I recently set up a PM 10 on a 64-bit Debian with no GUI ... Then I installed a Windows Policy Manager Console trying to connect to the Linux server, but it fails

     

    The situation is similar for us.

     

    Debian Linux Squeeze 6.0.6, 64-bit, non-GUI server

    with IP adresses: 192.168.1.234 and 192.168.7.254

    Fresh install with FSPM 10.01.

     

    All three ports of the Linux-based PMS server (HTPP 8200 for clients, HTTPS 8201 for PMC and HTTP 8081 for Web Reporting) are visible when a web browser is opened on a Windows workstation. Connecting with FSPMC from a remote computer has been enabled during the installation wizard.

    The FSPMC has been installed on a Windows 7 Enterprise workstation. However, it is not possible to login to the PMS when using the Windows-based PMC console.

     

    The server's error message is:
    "/var/opt/f-secure/fspms/logs/launcher-error.log":
    WARNING::javax.net.ssl.SSLException:
    Unrecognized SSL message, plaintext connection?

     

    The Windows-side error message is:

     

    F-Secure Policy Manager Console:

    Cannot connect to the server:

    Could not access HTTP invoker remote service at

    https://192.168.1.234:8201/fspms/remoting/FspmsInstanceInfo

    nested exception is org.apache.http.conn.

    ConnectTimeoutException:

    Connect to fw.domain-name.hu/192.168.7.254:8201 timed out.

     

    Please tell us what should be changed in the configuration to make this
    setup work properly?

     

    I especially do not understand this one line:

    > nested exception is org.apache.http.conn.

     

    I mean the "Release Notes for F-Secure Policy Manager 10.01, Linux version" says:

    "Apache HTTP server is no longer installed during Policy Manager Server installation"


    Thanks in advance, Sincerely: Tamas Feher, 2F 2000, Hungary.

  • SSP
    SSP Posts: 5 Security Scout

    I stopped and disabled Apache:

     

    /etc/init.d/apache2 stop
    update-rc.d -f apache2 remove

     

    And then I used the default ports for everything else, because I found no way to specify the port for the Windows PMC.

  • etomcat
    etomcat Posts: 1,172 Firewall Master

    Dear SSP,

     

    Thanks for the response!

     

    > I stopped and disabled Apache

     

    Can you elaborate a bit more on this issue? Did you have a pre-existing Apache on the Linux or did the F-Secure FSPMS setup put the Apache there?

     

    > I found no way to specify the port for the Windows PMC

     

    You should be able to specify custom port for connection in the PMC Connection Properties URL like, just like in a web browser: IP address double-dot port-number.

     

    The ports are adjustable in FSPMS setup wizard, so that FSAV antivirus centralized management does not need a dedicated server. If there is an IIS or Apache production web server occupying the standard 80 / 8080 ports, just use 85 / 8085 / 8086 for F-Secure PM. (In ancient times, FSPMS was actually IIS-based.)

     

    Sincerely: Tamas Feher.

  • SSP
    SSP Posts: 5 Security Scout

    Yes I had an existing Apache installed. I used a preconfigured Debian VM for our environment. I disabled it because it occupied port 80 which is the default host module port. FSPMS installs it's own web server. However I don't know what it is.

     

    >You should be able to specify custom port for connection in the PMC Connection Properties URL like, just like in a web browser: IP address double-dot port-number.

     

    OK, this might work, but as I use the default ports I don't need to add them to the URL.

     

    Your error message likely results from using the wrong port. Try a telnet connection on all ports to see if they are opened.

This discussion has been closed.

Categories