Get everything ready in your network
  • 17 Mar 2023

To make XTENDISE work in your network, you need to make some configuration changes in your environment.

1. Install Windows Server

  1. Prepare a virtual or physical server running Windows 2016/2019/2022 Standard edition with a minimum of 4x CPU, 8 GB RAM, 200 GB HDD. The server has to be joined to your Active Directory domain.
  2. Download the latest XTENDISE version to the server. The latest XTENDISE version can be found here.
Windows Server License

The XTENDISE license does not include a Windows license. The customer is responsible for licensing the Windows server.

2. Configure Active Directory

  1. Create a service/user account in your Active Directory - This account will be used by the XTENDISE application to look up administrator accounts during authentication and authorization. You can reuse any existing service account with read-only privileges.
  2. Create a group in Active Directory for XTENDISE administrators - Users in this group will be authorized in the application as Administrators.
  3. Create a group in Active Directory for XTENDISE users (optional) - Users in this group will be authorized in the application as Users. The User role is an optional role with limited privileges.
User authorization

For more information about user authorization, see the Authentication and Authorization section.

3. Configure ISE

  1. Enable ERS API
    ISE 2.X - Navigate to Administration -> System -> Settings -> ERS Settings -> ERS Setting for Primary Administration Node and enable ERS for Read/Write
    ISE 3.X - Navigate to Administration -> System -> Settings -> API Settings -> API Service Setting and enable ERS (Read/Write)

  2. Create API users - Navigate to Administration -> System -> Admin Access -> Administrators -> Admin Users and create two users:
    User ers-xtendise in the admin group ERS Admin
    User mnt-xtendise in the admin group MnT Admin

  3. Configure logging destination - Navigate to Administration -> System -> Logging -> Remote Logging Targets and create a new logging destination with the following configuration:
    Name - XTENDISE
    Target Type - TCP syslog
    Host/IP address - XTENDISE IP address
    Port - TCP/1468
    Maximum Length - 8192
    Include Alarms For this Target - True
    Buffer Messages When Server down - True
    Leave the other parameters at their defaults

  4. Assign logging categories - Navigate to Administration -> System -> Logging -> Logging Categories and include the following categories: Failed Attempts, Passed Authentications, RADIUS Accounting

4. Configure Firewall rules

Configure the following firewall rules.

Source               Destination           Port         Note
-------------------  --------------------  -----------  ---------------------------
XTENDISE             DNS Server            UDP/53       Communication to DNS server
ANY                  XTENDISE              TCP/80,443   Access to the application
XTENDISE             AD server             TCP/389,636  Communication to AD
XTENDISE             ISE (Both PAN nodes)  TCP/9060     ERS API
XTENDISE             ISE (Both MnT nodes)  TCP/443      Monitoring API
ISE (All PSN nodes)  XTENDISE              TCP/1468     Logging for Live Log
XTENDISE             Switches              TCP/22       Communication to switches
XTENDISE             ANY                   ICMP         Device Keepalive Feature
XTENDISE             SMTP server           TCP/25       Email Notifications
XTENDISE             SYSLOG server         UDP/514      External logging

Firewall rules

Please note that the table lists communication requirements. If there is no firewall or other filtering device in your internal network, this step can be omitted.
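
To confirm that the outbound TCP rows of the table are actually open before installing, a pre-flight check like the following can be run on the XTENDISE server. This is an added example, not part of XTENDISE or its documentation; all host names are placeholders and the function name `Test-TcpPort` is hypothetical.

```powershell
# Added example (not XTENDISE code). Run on the XTENDISE server.
# Host names are placeholders (assumptions): replace them with your own.
# Covers only the TCP rows where XTENDISE is the source. The UDP/53, UDP/514
# and ICMP rows, and the inbound rows (TCP/80,443 and TCP/1468), are not tested.
$checks = @(
    @{ Target = 'dc01.example.local';     Port = 389;  Purpose = 'Communication to AD' }
    @{ Target = 'dc01.example.local';     Port = 636;  Purpose = 'Communication to AD' }
    @{ Target = 'ise-pan1.example.local'; Port = 9060; Purpose = 'ERS API' }
    @{ Target = 'ise-pan2.example.local'; Port = 9060; Purpose = 'ERS API' }
    @{ Target = 'ise-mnt1.example.local'; Port = 443;  Purpose = 'Monitoring API' }
    @{ Target = 'ise-mnt2.example.local'; Port = 443;  Purpose = 'Monitoring API' }
    @{ Target = 'switch01.example.local'; Port = 22;   Purpose = 'Communication to switches' }
    @{ Target = 'smtp.example.local';     Port = 25;   Purpose = 'Email Notifications' }
)

# Hypothetical helper: attempts a TCP connect with a timeout and returns $true/$false.
function Test-TcpPort {
    param([string]$Target, [int]$Port, [int]$TimeoutMs = 3000)
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $task = $client.ConnectAsync($Target, $Port)
        # Wait() returns $false on timeout and throws if the connect was refused
        # or the name did not resolve; both count as "not reachable".
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Dispose()
    }
}

$results = foreach ($c in $checks) {
    [pscustomobject]@{
        Target    = $c.Target
        Port      = $c.Port
        Purpose   = $c.Purpose
        Reachable = Test-TcpPort -Target $c.Target -Port $c.Port
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code if any required path is blocked, so the check can gate an install script.
if ($results.Reachable -contains $false) { exit 1 }
```

A `Reachable` value of `True` shows only that the path is open and a service is listening on that port; it does not validate credentials or the ERS/MnT API configuration.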

When you are done with the configuration in your network, please continue with Install XTENDISE.