HTTP

This chapter contains an example of a basic Fudo Enterprise configuration for monitoring access to Twitter over HTTPS. In this scenario, the user logs in to a monitored Twitter account with their individual login credentials. The connection will time out after 15 minutes (900 seconds) and the user will have to log in again to continue browsing the server’s contents.

Warning

HTTP rendering is a CPU-intensive process and may have a negative impact on system performance. A physical appliance is recommended for monitoring rendered HTTP connections, with the following limits on the maximum number of concurrent rendered HTTP sessions.

| Model | Maximum recommended number of concurrent HTTP sessions* |
|---|---|
| F100x | 2 |
| F300x | 5 |
| F500x | 10 |

* The actual value depends on the Fudo Enterprise instance configuration.

Prerequisites

The following description assumes that the system has already been initiated. For more information on the initiation procedure, refer to the System initiation topic.


Configuration


Adding a server

A server is a definition of an IT infrastructure resource that can be accessed over one of the specified protocols.

  1. Select Management > Servers.

  2. Click + Add server.

  3. Provide essential configuration parameters:

| Parameter | Value |
|---|---|
| General | |
| Name | twitter |
| Description | fail |
| Blocked | fail |
| Protocol | HTTP |
| TLS enabled | ok |
| Legacy crypto | fail |
| HTTP host | fail |
| HTTP timeout | 900 |
| HTTP Authentication | Twitter |
| Bind address | 10.0.236.70 |
| Permissions | |
| Granted users | fail |
| Destination | |
| Address | twitter.com |
| Mask | 32 |
| Port | 443 |
| Server verification | None |

  4. Click Save or Save and close.


Adding a user

A user defines a subject entitled to connect to servers within the monitored IT infrastructure. A detailed object definition (i.e. unique login and domain combination, full name, email address etc.) enables precise accountability of user actions when the login and password are substituted with shared account login credentials.


  1. Select Management > Users.

  2. Click Add.

  3. Provide essential user information:

| Parameter | Value |
|---|---|
| General | |
| Name | john_smith |
| Role | user |
| Blocked | fail |
| Account validity | Indefinite |
| Settings Tab | |
| Safes | fail |
| Authentication section | |
| Authentication failures | fail |
| Enforce password complexity | fail |
| Add authentication method: | Static password |
| Password | john |
| User Data Tab | |
| Fudo domain | fail |
| AD Domain | fail |
| LDAP Base | fail |
| Full name | John Smith |
| Email | john@smith.com |
| Organization | fail |
| Phone | fail |
| Permissions Tab | |
| Granted users | fail |

  4. Click Save.


Adding a listener

A listener determines the server connection mode (proxy, gateway, transparent, bastion) as well as its specifics.


  1. Select Management > Listeners.

  2. Click Add.

  3. Provide essential configuration parameters:

| Parameter | Value |
|---|---|
| General | |
| Name | twitter_listener |
| Blocked | fail |
| Protocol | HTTP |
| Render sessions | ok |
| Permissions | |
| Granted users | fail |
| Connection | |
| Mode | proxy |
| Local address | 10.0.236.70 |
| Port | 997 |
| Use TLS | ok |
| Legacy crypto | ok |
| TLS certificate | Click i to generate a certificate. |

  4. Click Save.


Adding an account

An account defines the privileged account existing on the monitored server. It specifies the actual login credentials; the user authentication mode: anonymous (without user authentication), regular (with login credentials substitution) or forward (with login and password forwarding); the password changing policy; and the password changer itself.


  1. Select Management > Accounts.

  2. Click Add.

  3. Provide essential configuration parameters:

| Parameter | Value |
|---|---|
| General | |
| Name | twitter_admin |
| Blocked | fail |
| Type | regular |
| Session recording | all |
| Notes | fail |
| Data retention | |
| Override global retention settings | fail |
| Delete session data | default settings |
| Permissions | |
| Granted users | fail |
| Server | |
| Server | twitter |
| Credentials | |
| Domain | fail |
| Login | YourTwitterAccountUsername |
| Replace secret with | with password |
| Password | ****** |
| Repeat password | ****** |
| Password change policy | Static, without restrictions |

  4. Click Save.


Defining a safe

A safe directly regulates user access to monitored servers. It specifies the available protocol features, policies and other details concerning the relations between users and servers.


  1. Select Management > Safes.

  2. Click Add.

  3. Provide essential configuration parameters:

| Parameter | Value |
|---|---|
| General | |
| Name | twitter_safe |
| Blocked | fail |
| Notifications | fail |
| Login reason | fail |
| Require approval | fail |
| Policies | fail |
| Note access | No access |
| Users | john_smith |
| Protocol functionality | |
| RDP | fail |
| SSH | fail |
| VNC | fail |

  4. Select Users tab.

  5. Click Add user.

  6. Find John and click ..

  7. Click OK.

  8. Select Accounts tab.

  9. Click Add account.

  10. Find the twitter_admin object and click ..

  11. Click OK.

  12. Click in the Listeners column.

  13. Find the twitter_listener object and click ..

  14. Click OK.

  15. Click Save.
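
The objects created in the steps above only give a working, monitored connection when the safe ties together an existing user, account and listener, and the account points at a defined server. The Python check below is an added example, not Fudo Enterprise code or an export format: it models the walkthrough's values in a hypothetical dict, verifies those links, assumes a listener and its server must share a protocol, and lists the table settings worth revisiting before using this configuration outside a lab.

```python
# Constructed model of the objects created in this walkthrough. The dict layout is
# hypothetical (not a Fudo Enterprise export or API format); "ok"/"fail" values
# from the tables are assumed to mean True/False.
CONFIG = {
    "servers": {"twitter": {"protocol": "HTTP", "tls": True, "legacy_crypto": False,
                            "verification": "None"}},
    "users": {"john_smith": {"enforce_password_complexity": False}},
    "listeners": {"twitter_listener": {"protocol": "HTTP", "tls": True,
                                       "legacy_crypto": True}},
    "accounts": {"twitter_admin": {"server": "twitter"}},
    "safes": {"twitter_safe": {"users": ["john_smith"],
                               "bindings": [("twitter_admin", "twitter_listener")]}},
}


def review(cfg):
    """Return (errors, warnings): broken object links vs. settings to revisit."""
    errors, warnings = [], []
    for name, safe in cfg["safes"].items():
        for user in safe["users"]:
            if user not in cfg["users"]:
                errors.append(f"{name}: unknown user {user}")
        for account, listener in safe["bindings"]:
            acc = cfg["accounts"].get(account)
            lst = cfg["listeners"].get(listener)
            if acc is None or lst is None:
                errors.append(f"{name}: unknown object in {account}/{listener}")
                continue
            srv = cfg["servers"].get(acc["server"])
            if srv is None:
                errors.append(f"{account}: unknown server {acc['server']}")
            elif srv["protocol"] != lst["protocol"]:
                errors.append(f"{account}: protocol differs from {listener}")
    for name, srv in cfg["servers"].items():
        if srv["tls"] and srv["verification"] == "None":
            warnings.append(f"server {name}: TLS without server verification")
    for name, lst in cfg["listeners"].items():
        if not lst["tls"] or lst["legacy_crypto"]:
            warnings.append(f"listener {name}: TLS off or legacy crypto on")
    for name, user in cfg["users"].items():
        if not user["enforce_password_complexity"]:
            warnings.append(f"user {name}: password complexity not enforced")
    return errors, warnings


if __name__ == "__main__":
    errors, warnings = review(CONFIG)
    print("errors:", errors)
    print("warnings:", warnings)
```

With the values from this chapter the links are consistent, and the warnings point at Server verification set to None, Legacy crypto enabled on the listener, and Enforce password complexity left off for john_smith.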


Connecting to Remote Resource

  1. Launch a web browser.

  2. Go to the 10.0.236.70:997 web address.

  3. Enter user login and password and press the [Enter] key or click the Login button.

Note

If you are authenticating using two factors, enter your static password along with the dynamic factor (token value) in the password field as a single string of characters.


  4. Continue browsing the website.

Viewing User Session

  1. Open a web browser and go to the Fudo Enterprise administration page.

  2. Enter user login and password to log in to Fudo Enterprise administration panel.

  3. Select Management > Sessions.

  4. Find John’s session and click i.

