2.9.2.29. wireGuardSync

The wireGuardSync plugin enables communication with VPN Gateway FW to manage and receive information about VPN users in the corporate network. It can be used along with the policy engine in order to isolate users in different ‘dynamic zones’. It also generates events for disconnection of multiplatform agent users from the Business Profiles section.

To configure the plugin, the next fields must be configured:

../../../_images/wireguardsync.png


  • Firewalls: Permit to add firewalls to the plugin execution.

  • API key to make requests to the firewalls: API Key that we must obtain from the VPN Gateway to allow communication with the Firewall API.

  • TTL: During this period, indicated in minutes, no more executions are done over the same client.

  • Execution order: determines the order in which sync plugins are executed, with higher priority assigned to lower numerical values (0 being the lowest priority). In situations where multiple plugins share the same execution order value, the execution order will follow an alphabetical arrangement.

For getting the api key we need to go to our CMI in Security -> API keys and define our ON Core there:

../../../_images/wireguardsync3.png


This API key generated is what we need to add in the field API key to make requests to the firewalls

We also need to have an API key for the VPN Gateway in ON CMDB -> Security -> API Key

To add a new firewall we need the next information:

../../../_images/wireguardsync2.png


  • FW IP: IP of the VPN Gateway where we will establish the connection to send you the information.

  • FW Port: Port used for communication with the VPN Gateway.

The firewall needs to be defined in the ON CMDB -> Network Devices with the disconnection settings correctly configured.

We need to have the WireGuard configuration correctly configure in ON Agent -> WireGuard.