Ethical Wall and DLP Access Portal Web API Settings

Owned by Agat Support
Last updated: Apr 12, 2022 by Avi J. Levin (Unlicensed)

The SkypeShield Filters installed on the Edge server and the Bastion's LAC filter must have access to the Admin Portal (UI) using SphereShield RESTful API

Configuration

Configuration in the Admin Portal

  1. Go in the Admin Portal to [Settings] > [Site Security]
  2. Configure the following settings

OptionValuesNotes
Enable RESTful APIYes/NoWhether RESTful API should be enabled
Allowed Web Service API Clients Computer NameList of the server hosting the enforcing services without domain suffixmultiply values are allowed
Access Portal Web API URLFull URL path of the Admin Portal that is accessible to the servicesThe Admin Portal server must be accessible from the SIP Filter and the DMZ Bastion position
External Portal Web API URLFull URL path of the Admin Portal that is accessible from the Cloud providerNot relevant to Skype for Business
Access Portal Web API Authentication UsernameUsername in the domain using the format "username@corp.domain.com"Used by the service for signing to the portal API
Access Portal Web API Authentication PasswordPassword for the usernamePassword for the username

3. Run the command iisreset on the server hosting the Admin Portal

4. Restart the services

Configuration for the LAC Filter

For more details on how to configure the LAC filter to communicate with the Admin Portal see the following article: How to configure Lync Access Control

Configuration for the SIP Filter

For more details on how to configure the SIP filter to communicate with the Admin Portal see the following article: How to manually install the SIP Filter on the Edge server?

Verifying the Filters are able to communicate

LAC Filter

  1. Restart the Bastion service

  2. Search for "EW-AD" in the Log of the LAC filter(default: c:\agat\logs\Lync_Access_Control\skype-pool-a-[date].log

  3. You should see the following lines during startup in case integration worked 

    2021-08-09 15:13:20 	(d)			[Portal API] Server name encrypted: <Encrypted server name>					PortalAPI::Initialise <- Config::Init <- Lync_Access_Control::LoadConfig	src\AP-API.cpp	29
2021-08-09 15:13:20 	(d)			[Portal API] Server name: <Server name>						PortalAPI::Initialise <- Config::Init <- Lync_Access_Control::LoadConfig	src\AP-API.cpp	31
2021-08-09 15:13:20 	[tr]			[Portal API] Initialising Agat API: [<Configured Admin Portal URL>/rest/v1/token?secretKey=<configured key in the LAC>]						PortalAPI::Initialise <- Config::Init <- Lync_Access_Control::LoadConfig	src\AP-API.cpp	34
2021-08-09 15:13:20 	[tr]			Sending request to: GET [<Configured Admin Portal URL>/rest/v1/token?secretKey=<configured key in the LAC>]. Host header: 					cdc	Agat::Http::SendHttpRequest <- PortalAPI::SendRequest <- PortalAPI::Initialise <- Config::Init <- Lync_Access_Control::LoadConfig	src\CurlUtils.cpp	46
2021-08-09 15:13:20 	(d)			Adding header: 					cdc	Agat::Http::SendHttpRequest <- PortalAPI::SendRequest <- PortalAPI::Initialise <- Config::Init <- Lync_Access_Control::LoadConfig	src\CurlUtils.cpp	93
2021-08-09 15:13:21 	[tr]			Closing CURL handle					cdc	Agat::Http::SendHttpRequest <- PortalAPI::SendRequest <- PortalAPI::Initialise <- Config::Init <- Lync_Access_Control::LoadConfig	src\CurlUtils.cpp	163
2021-08-09 15:13:21 	[xt]			[Portal API] Portal API Request headers Output	2021-08-09\Dump-LAC_2.10.12.0_skype-pool-a00000093.PortalAPI_RequestHeadersOut.txt					PortalAPI::SendRequest <- PortalAPI::Initialise <- Config::Init <- Lync_Access_Control::LoadConfig	src\AP-API.cpp	87
2021-08-09 15:13:21 	[xt]			[Portal API] Portal API Request body Output	2021-08-09\Dump-LAC_2.10.12.0_skype-pool-a00000094.PortalAPI_RequestBodyOut.txt					PortalAPI::SendRequest <- PortalAPI::Initialise <- Config::Init <- Lync_Access_Control::LoadConfig	src\AP-API.cpp	88
2021-08-09 15:13:21 	[tr]			[Portal API] HTTP Status returned: 200 OK						PortalAPI::SendRequest <- PortalAPI::Initialise <- Config::Init <- Lync_Access_Control::LoadConfig	src\AP-API.cpp	97

SIP Filter

  1. Restart the SIP Filter

  2. You should see during the loading of the filter the following line

    2021-08-09 15:26:00,990	[7]	DEBUG	AP-API - Calling Web Service [<Configured Admin Portal URL>/rest/v1/token] of secret key:[Key in the YAML file]([Hostname]) with user [Service username] pass [Service user Password]
2021-08-09 15:26:11,859	[7]	INFO 	AP-API - LoadApiToken Done with Token:[ending of recived token]