AlienVault® USM Appliance™

How to Create Static Routes in USM Appliance

Version: 5.x
Deployment: All deployments

AlienVault recommends that you create static routes on your network router instead of on USM Appliance. If creating these routes is not possible in your environment, you can manually modify the interface configurations on USM Appliance to ensure correct communication in your environment. In the example below, we illustrate how to accomplish this.

Description

A customer has a USM Appliance instance located in the Trusted Zone (10.10.10.0/24), and the AlienVault HIDS Agents sending data to that sensor are in a Restricted Zone (10.10.20.0/24).

The default gateway for USM Appliance is 10.10.10.1, which is outbound towards other less restrictive zones.

In order to communicate effectively with the HIDS Agents located in the Restricted Zone, traffic needs to flow through the Restricted Firewall/Router, which is 10.10.10.4, towards the Restricted Zone.

diagram for the example

If USM Appliance has no route telling it how to reach the HIDS Agents, packets from the agents can reach USM Appliance, but its responses follow the default gateway (10.10.10.1) and will not make it back to the agents. The agents then do not show as "Active" in USM Appliance, which can cause problems in reporting.

Solution

To work around the problem, you must create a route on USM Appliance to direct traffic destined for 10.10.20.0/24 through the Restricted Firewall/Router at 10.10.10.4.

We're going to create a new service that will be in charge of adding the routes when the system restarts. This way the changes you make will not be overwritten during an upgrade.

  1. Add a file with the routes in the /etc/init.d directory:

    # touch /etc/init.d/staticroutes

    The file should contain the following (add or remove routes as needed):

    #! /bin/sh
    ### BEGIN INIT INFO
    # Provides:          staticroutes
    # Required-Start:    $local_fs $network
    # Required-Stop:     $local_fs $network
    # Default-Start:     2 3 4 5
    # Default-Stop:
    # Short-Description: Static routes added
    ### END INIT INFO

    DESC="static routes"

    start() {
        /sbin/route add -net 10.10.20.0 netmask 255.255.255.0 gw 10.10.10.4
    }

    stop() {
        /sbin/route del -net 10.10.20.0 netmask 255.255.255.0 gw 10.10.10.4
    }

    case "$1" in
        start)
            start
            ;;
        stop)
            stop
            ;;
        restart)
            stop
            start
            ;;
        *)
            echo "*** Usage: $0 {start|stop|restart}"
            exit 1
    esac

    exit 0

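  2. Change permissions of that file. The script runs as root at boot, so it must be executable but not writable by group or other users:

    # chmod 755 /etc/init.d/staticroutes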

  3. Edit the file /etc/insserv.conf. After the line with the variable “$named”, add the following:

    $staticroutes

  4. Run the insserv command to enable the static routes service:

    # insserv staticroutes

  5. Run the chkconfig command to verify that it is added to the startup list.

    # chkconfig --list | grep staticroutes

    staticroutes 0:off 1:off 2:on 3:on 4:on 5:on 6:off

  6. (Optional) Test the recently created file. This will NOT enable any services:

    # insserv -n

  7. To activate the service, reboot the machine or execute the following:

    # /etc/init.d/staticroutes restart
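
To confirm the result of step 7, the following added example (not part of the original AlienVault documentation) reads `route -n` output and reports which gateway replies to an agent would use, by longest-prefix match. The helper name `gateway_for`, the agent address 10.10.20.15 and the two sample tables are assumptions constructed from the addresses used on this page.

```shell
#!/bin/sh
# gateway_for IP
# Reads `route -n` output on stdin and prints the gateway of the most specific
# matching route: "0.0.0.0" means directly connected, "none" means no route.
gateway_for() {
    awk -v ip="$1" '
        function to_int(a,   p) {
            split(a, p, ".")
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        BEGIN { target = to_int(ip); best = -1; gw = "none" }
        # Route lines start with a dotted-quad destination; headers are skipped.
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            mask  = to_int($3)             # Genmask column
            block = 4294967296 - mask      # number of addresses the mask covers
            # Same block means the target lies inside this network;
            # the largest mask is the longest prefix and wins.
            if (int(target / block) == int(to_int($1) / block) && mask > best) {
                best = mask
                gw = $2
            }
        }
        END { print gw }
    '
}

# Constructed sample: routing table before the staticroutes service has run.
TABLE_BEFORE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.10.1      0.0.0.0         UG    0      0        0 eth0
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0'

# Constructed sample: the same table after "staticroutes start".
TABLE_AFTER="$TABLE_BEFORE
10.10.20.0      10.10.10.4      255.255.255.0   UG    0      0        0 eth0"

# Replies to a Restricted Zone agent (constructed address 10.10.20.15).
printf 'before: via %s\n' "$(printf '%s\n' "$TABLE_BEFORE" | gateway_for 10.10.20.15)"
printf 'after:  via %s\n' "$(printf '%s\n' "$TABLE_AFTER" | gateway_for 10.10.20.15)"
```

On the appliance itself, pipe the live table into the function with `route -n | gateway_for <agent address>`; the result should be 10.10.10.4 for any address in 10.10.20.0/24.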

 

If you want to remove the static route when it is no longer needed, run the following command:

# insserv -r staticroutes

After the service is removed, it will not appear in the chkconfig output.