Prerequisites
Before you start, confirm that your environment meets the following prerequisites. Download the OVA file.
VMware Compatibility and Permissions
- ESXi 7.x or later
- Access to VMware vCenter Management Console
- Ability to upload OVA files
- Ability to launch OVA templates from vCenter
Hardware Requirements
- 16 vCPU x86_64 architecture
- 64 GB RAM
- 100 GB SSD or better disk
Launch Instance of the Cequence UAP OVA from the vSphere HTML5 Console
- Log In to vSphere HTML5 Client: Open your web browser and navigate to the vSphere HTML5 client URL. Log in with your credentials.
- Navigate to the Host or Cluster: In the vSphere HTML5 client, navigate to the host or cluster where you want to deploy the OVA. Click on the host or cluster in the "Hosts and Clusters" view.
- Go to "Actions" Menu: Once you are on the host or cluster view, click on the "Actions" menu.
- Select "Deploy OVF Template": From the "Actions" menu, select "Deploy OVF Template." This option initiates the OVA deployment wizard.
- Browse for OVA File: In the "Deploy OVF Template" wizard, click on "Browse" to locate and select the OVA file from your local machine.
- Review OVF Template Details: After selecting the OVA file, review the details displayed in the wizard. Ensure that the information is correct and matches the specifications of your virtual machine.
- Specify Name and Location: Enter a name for the virtual machine and select the location where you want to deploy it.
- Select Deployment Configuration: Choose the deployment configuration that best suits your needs. This may include options like storage, networks, and other settings depending on your virtual environment.
- Review Configuration: Review the configuration settings to ensure they are correct. Make any necessary adjustments.
- Complete Deployment: Click "Finish" to start the deployment process. vSphere HTML5 client will begin importing and deploying the OVA.
- Monitor Deployment Progress: Monitor the progress of the deployment in the vSphere HTML5 client. This may take some time depending on the size of the OVA and the resources available.
- Power On the Virtual Machine: Once the deployment is complete, power on the virtual machine from the vSphere HTML5 client.
Create DNS entries
- Identify a subdomain you will use to access the resources on Cequence UAP, such as cqai.yourdomain.com.
- Once the machine is up, use the routable IP address of the virtual machine to create the following DNS entries, all pointing to that same IP address:
- auth.cqai.yourdomain.com
- edge.cqai.yourdomain.com
- ui.cqai.yourdomain.com
- policy-engine.cqai.yourdomain.com
Note: If you’re using AWS Route 53, you can create a wildcard entry such as *.cqai.yourdomain.com that points to the virtual machine's IP address.
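A pre-flight check for the DNS entries above, as an added example that is not part of the original guide or of Cequence's tooling: it confirms that the four hostnames resolve to one and the same address before you run setup. The function names, the UAP_RESOLVER override and the use of getent are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Cequence code): verify that the four UAP hostnames
# resolve to the same address before running setup.sh.
# Usage: check_uap_dns cqai.yourdomain.com [expected-ip]

# Hostname prefixes taken from the DNS list on this page.
UAP_PREFIXES="auth edge ui policy-engine"

# Default resolver: first address returned by the system resolver.
# Assumption: getent is available (glibc-based Linux). Set UAP_RESOLVER to
# any command or function that prints one IP for a hostname argument.
resolve_default() {
    getent hosts "$1" | awk 'NR == 1 { print $1 }'
}

# Prints one line per hostname; returns 0 only if every name resolves and
# all answers are identical (and equal to the expected IP when one is given).
check_uap_dns() {
    subdomain=$1
    expected=${2:-}
    resolver=${UAP_RESOLVER:-resolve_default}
    status=0
    for prefix in $UAP_PREFIXES; do
        host="$prefix.$subdomain"
        ip=$("$resolver" "$host" 2>/dev/null) || ip=""
        if [ -z "$ip" ]; then
            echo "FAIL $host does not resolve"
            status=1
            continue
        fi
        # With no expected IP supplied, the first answer is the reference.
        [ -n "$expected" ] || expected=$ip
        if [ "$ip" = "$expected" ]; then
            echo "OK   $host -> $ip"
        else
            echo "FAIL $host -> $ip (expected $expected)"
            status=1
        fi
    done
    return $status
}
```

A wildcard record passes this check as well, since each of the four names still resolves to the virtual machine's address.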
Set up Cequence UAP
- SSH to the virtual machine with the following credentials:
# ssh cq-user@ui.cqai.yourdomain.com
password: apiprotection
- Run the setup command with the subdomain you used in the DNS entries:
# /opt/cequence/bin/setup.sh cqai.yourdomain.com
Setup takes around 15 minutes to complete.
- Use a browser to navigate to https://auth.cqai.yourdomain.com and accept the self-signed certificate.
- Now navigate to https://ui.cqai.yourdomain.com and log in with the following default credentials:
- username: cq-ui
- password: retrieve the password by running the command below
- kubectl get secret ui-default-user -n cequence --template='{{.data.password}}' | base64 -d
- Follow the in-product guide to configure the rest of the product.
Configure HTTP traffic filters
Prerequisites
Confirm that you have access to the Cequence UAP web UI.
Steps:
- Access the HTTP Traffic Filters configuration page: a. Navigate to the Cequence UAP portal. b. Click on the "Applications" tab. c. Under the "Applications" section, click on "HTTP Traffic Filters". d. Click on the "Configure" button.
- Set the filter type: a. In the "Filter Type" section, select the "UAP" and "Sentinel" checkboxes.
- Set the domain: a. In the "Domain" field, enter "*".
- Set the path: a. In the "Path" field, enter "/**". b. Select the "Includes subpaths" checkbox.
- Set the HTTP methods: a. In the "Select HTTP Methods to be processed" section, select "ALL" from the dropdown menu.
- Save the configuration: a. Click on the "Save" button to apply the configured settings.
Next Steps
Configure Data Plane Components: