Configure NSX-T URL Analysis

From Iwan
Jump to: navigation, search

NSX-T URL analysis allows you to get insight into what websites are accessed within the organization. These websites are scored so you can review and understand the reputation and risk of the accessed websites. This article will explain to you how to configure URL Analysis.

Deployment Steps

  • STEP 01) Enable URL Analysis on an Edge Cluster
  • STEP 02) Create a context Profile
  • STEP 03) Create a Tier-1 Gateway Firewall Rule
  • STEP 04) Generate web traffic
  • STEP 05) Review the URL Analysed

STEP 01» Enable URL Analysis on an Edge Cluster

NSX-T Manager: Security >> URL Analysis >> Settings

Click on get started:

URL-A-01.png

By default URL Analysis is disabled so I need to enable it on the Edge CLuster:

URL-A-02.png

When I enabled it on the Edge Cluster I need to cinfirm this:

URL-A-03.png

Once confirmed URL Analysis is enabled on the Edge Cluster:

URL-A-04.png

STEP 02» Create a context Profile

When you click on "set" in the previous screen you can create a contect profile:

URL-A-05.png

Give it a name, and click on the attributes to add the attributes:

URL-A-06.png

Add all the attributes available:

URL-A-07.png

After I added the attributes in the contect profiles I can review them:

URL-A-08.png

When I click on "apply" a "1" appears in the profiles column:

URL-A-09.png

STEP 03» Create a Tier–1 Gateway Firewall Rule

NSX-T Manager: Security >> Gateway Firewall >> All shared Rules

Create a (shared) Gateway firewall rule and apply it to the Tier-1 Gateway where the Segments/Virtual Machines are attached to that we want to analyze the URLs from.

URL-A-10.png

NSX-T Manager: Security >> Gateway Firewall >> Gateway SPecific Rules

We can also review the specific Tier-1 Gateway firewall rules for that specific Gateway.

URL-A-11.png

NSX-T Manager: Security >> URL Analysis >> URLs

When we look at the URLs Analyzed section this is still empty:

URL-A-12.png

STEP 04» Generate web traffic

I have created a "dummy" Virtual Machines with Ubuntu and opened a few websites, and hit a few times on refresh:

URL-A-13.png

STEP 05» Review the URL Analysed

NSX-T Manager: Security >> Security Overview

After 15 minutes the browsed URLs are catagorized:

URL-A-14.png

NSX-T Manager: Security >> URL Analysis >> URLs

A closer look will show the reputation and score:

URL-A-15.png

Quality Check

I am always trying to improve the quality of my articles, so if you see any errors, mistakes in this article or you have suggestions for improvement, please contact me, and I will fix this.

Retrieved from "http://www.iwanhoogendoorn.nl/index.php?title=Configure_NSX-T_URL_Analysis&oldid=5184"