Additional Configuration for SDCs and Security Cloud Control Connectors Installed on a VM You Created

If you installed your Security Cloud Control Connector on your own CentOS 7 virtual machine, perform one of the following additional configuration procedures to allow events to reach the SEC:

Before you begin:

This is the second of three steps you need to complete in order to install and configure your SEC. If you have not already, complete Install a Security Cloud Control Connector to Support an SEC Using Your VM Image before making these configuration changes.

After you complete one of the additional configuration changes described here, complete Install the Secure Event Connector.

Disable the firewalld service on the CentOS 7 VM

  1. Log in to the CLI of the SDC VM as the "Security Cloud Control" user.

  2. Stop the firewalld service, and then ensure that it will remain disabled upon subsequent reboots of the VM. If you are prompted, enter the password for the Security Cloud Control user:

    [Security Cloud Control@SDC-VM ~]$ sudo systemctl stop firewalld
    [Security Cloud Control@SDC-VM ~]$ sudo systemctl disable firewalld

  3. Restart the Docker service to re-insert Docker-specific entries into the local firewall:

    [Security Cloud Control@SDC-VM ~]$ sudo systemctl restart docker

  4. Continue to Install the Secure Event Connector.

Allow the firewalld service to run and add firewall rules to allow event traffic to reach the SEC

  1. Log in to the CLI of the SDC VM as the "Security Cloud Control" user.

  2. Add local firewall rules to allow incoming traffic to the SEC from the TCP, UDP, or NSEL ports you configured. See Finding Your Device's TCP, UDP, and NSEL Port Used for Cisco Security Analytics and Logging for the ports used by your SEC. If prompted, enter the password for the Security Cloud Control user. Here is an example of the commands. You may need to specify different port values.

    [Security Cloud Control@SDC-VM ~]$ sudo firewall-cmd --zone=public --permanent --add-port=10125/tcp
    [Security Cloud Control@SDC-VM ~]$ sudo firewall-cmd --zone=public --permanent --add-port=10025/udp
    [Security Cloud Control@SDC-VM ~]$ sudo firewall-cmd --zone=public --permanent --add-port=10425/udp

  3. Restart the firewalld service to make the new local firewall rules both active and persistent:

    [Security Cloud Control@SDC-VM ~]$ sudo systemctl restart firewalld

  4. Continue to Install the Secure Event Connector.
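
To confirm that the rules from step 2 are both active and persistent after the restart in step 3, the following added example (not part of the original procedure or of Cisco's tooling) compares the example ports against firewalld's runtime and permanent port lists, including port ranges. The function names, the script name `check_sec_ports.sh`, and the sample port list are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): verify the SEC event ports are
# open in firewalld's runtime AND permanent configuration.

# Ports from the example commands above; change them to match your SEC.
REQUIRED_PORTS="10125/tcp 10025/udp 10425/udp"

# port_covered PORT/PROTO LISTED
# Succeeds if an entry in LISTED (the output of `firewall-cmd --list-ports`)
# opens PORT for PROTO, exactly or through a range such as 10000-10500/udp.
port_covered() {
    local want_port="${1%/*}" want_proto="${1#*/}" entry range lo hi
    for entry in $2; do
        [ "${entry#*/}" = "$want_proto" ] || continue
        range="${entry%/*}"
        lo="${range%-*}"; hi="${range#*-}"   # a single port gives lo == hi
        if [ "$want_port" -ge "$lo" ] && [ "$want_port" -le "$hi" ]; then
            return 0
        fi
    done
    return 1
}

# missing_ports REQUIRED LISTED: print the required ports that LISTED does not open.
missing_ports() {
    local port missing=""
    for port in $1; do
        port_covered "$port" "$2" || missing="$missing $port"
    done
    echo "${missing# }"
}

# check_sec_firewall [ZONE]: query firewalld on the VM; non-zero if a port is missing.
check_sec_firewall() {
    local zone="${1:-public}" runtime permanent m rc=0
    runtime=$(sudo firewall-cmd --zone="$zone" --list-ports) || return 2
    permanent=$(sudo firewall-cmd --zone="$zone" --permanent --list-ports) || return 2
    m=$(missing_ports "$REQUIRED_PORTS" "$runtime")
    [ -z "$m" ] || { echo "not active (runtime): $m"; rc=1; }
    m=$(missing_ports "$REQUIRED_PORTS" "$permanent")
    [ -z "$m" ] || { echo "not persistent (permanent): $m"; rc=1; }
    return "$rc"
}

# Constructed sample (not captured from a real VM): 10425/udp was never added.
echo "sample check, missing: $(missing_ports "$REQUIRED_PORTS" "10125/tcp 10025/udp")"

# Run the live check only when asked, e.g. `bash check_sec_ports.sh --live`.
if [ "${1:-}" = "--live" ]; then check_sec_firewall public; fi
```

A port reported as "not active" but present in the permanent list means firewalld has not been restarted or reloaded since the rule was added.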