4.7.1.2. Deployment Steps

For the deployed use case to work properly, follow the steps outlined below carefully. Keep in mind that these steps may vary based on the specific requirements and needs of your case.

Below, you will find a breakdown of both mandatory and optional steps, with the understanding that their applicability depends on your unique circumstances.

Architecture

  • Architecture: This section outlines the nodes necessary for the functioning of the use case, providing essential information related to its architecture. You can find a detailed explanation of the deployment of each of the nodes in Deployment and basic configuration.

Configuration

  • Node Configuration: This section provides a detailed guide on configuring the backend nodes essential for the use case. These include ON Core and ON Sensor.

  • VPN Gateway Configuration: The configuration of the VPNGW module includes the creation of zones, interfaces, hosts and basic rules as well as the configuration of the VPN itself depending on the chosen type (OpenVPN or Wireguard).

Administration

  • AD Configuration: The AD configuration is necessary if you authenticate VPN users against an Active Directory. You can also define LDAP filters here to segment access to the VPN.

  • Set FW as Network Device: It is important to have the VPN Gateway node defined as a Network Device within ON Core. This helps identify the node and configure the Toggle Port depending on the type of VPN used.

  • Policies Configuration: It is important to define access policies in ON Core. These will determine the access permissions to the VPN.

  • ON Agent Configuration: For the 2SRA use case, the VPN client is the OpenNAC Enterprise agent (ON Agent). This step explains how it should be used to connect to the deployed VPN.

Optional:

  • Single Sign-On Wireguard VPN using SAML: Using Wireguard as the VPN service allows SAML to be used as the authentication backend through the OpenNAC Enterprise captive portal. To do so, follow this section to deploy and configure the captive portal.

  • OTP Configuration: To improve the security of the use case, it is possible to use the One Time Password (OTP or 2FA) system to require the one-time password when connecting to the VPN.

Operation

  • Operation: In this step, you start operating the use case and check that all the functionalities are working as expected. If you find unexpected behavior, refer to the troubleshooting section to understand and fix the issue.

Monitoring

  • Monitoring: See how the data is being ingested and saved in ON Analytics. To check this, open the different visualizations available for this use case.

Troubleshooting