Ethical Wall and DLP Access Portal Web API Settings
The SkypeShield Filters installed on the Edge server and the Bastion's LAC filter must have access to the Admin Portal (UI) using SphereShield RESTful API
Configuration
Configuration in the Admin Portal
- Go in the Admin Portal to [Settings] > [Site Security]
- Configure the following settings
Option | Values | Notes |
---|---|---|
Enable RESTful API | Yes/No | Whether RESTful API should be enabled |
Allowed Web Service API Clients Computer Name | List of the server hosting the enforcing services without domain suffix | multiply values are allowed |
Access Portal Web API URL | Full URL path of the Admin Portal that is accessible to the services | The Admin Portal server must be accessible from the SIP Filter and the DMZ Bastion position |
External Portal Web API URL | Full URL path of the Admin Portal that is accessible from the Cloud provider | Not relevant to Skype for Business |
Access Portal Web API Authentication Username | Username in the domain using the format "username@corp.domain.com" | Used by the service for signing to the portal API |
Access Portal Web API Authentication Password | Password for the username | Password for the username |
3. Run the command iisreset on the server hosting the Admin Portal
4. Restart the services
Configuration for the LAC Filter
For more details on how to configure the LAC filter to communicate with the Admin Portal see the following article: How to configure Lync Access Control
Configuration for the SIP Filter
For more details on how to configure the SIP filter to communicate with the Admin Portal see the following article: How to manually install the SIP Filter on the Edge server?
Verifying the Filters are able to communicate
LAC Filter
- Restart the Bastion service
Search for "EW-AD" in the Log of the LAC filter(default: c:\agat\logs\Lync_Access_Control\skype-pool-a-[date].log)
You should see the following lines during startup in case integration worked
2021-08-09 15:13:20 (d) [Portal API] Server name encrypted: <Encrypted server name> PortalAPI::Initialise <- Config::Init <- Lync_Access_Control::LoadConfig src\AP-API.cpp 29 2021-08-09 15:13:20 (d) [Portal API] Server name: <Server name> PortalAPI::Initialise <- Config::Init <- Lync_Access_Control::LoadConfig src\AP-API.cpp 31 2021-08-09 15:13:20 [tr] [Portal API] Initialising Agat API: [<Configured Admin Portal URL>/rest/v1/token?secretKey=<configured key in the LAC>] PortalAPI::Initialise <- Config::Init <- Lync_Access_Control::LoadConfig src\AP-API.cpp 34 2021-08-09 15:13:20 [tr] Sending request to: GET [<Configured Admin Portal URL>/rest/v1/token?secretKey=<configured key in the LAC>]. Host header: cdc Agat::Http::SendHttpRequest <- PortalAPI::SendRequest <- PortalAPI::Initialise <- Config::Init <- Lync_Access_Control::LoadConfig src\CurlUtils.cpp 46 2021-08-09 15:13:20 (d) Adding header: cdc Agat::Http::SendHttpRequest <- PortalAPI::SendRequest <- PortalAPI::Initialise <- Config::Init <- Lync_Access_Control::LoadConfig src\CurlUtils.cpp 93 2021-08-09 15:13:21 [tr] Closing CURL handle cdc Agat::Http::SendHttpRequest <- PortalAPI::SendRequest <- PortalAPI::Initialise <- Config::Init <- Lync_Access_Control::LoadConfig src\CurlUtils.cpp 163 2021-08-09 15:13:21 [xt] [Portal API] Portal API Request headers Output 2021-08-09\Dump-LAC_2.10.12.0_skype-pool-a00000093.PortalAPI_RequestHeadersOut.txt PortalAPI::SendRequest <- PortalAPI::Initialise <- Config::Init <- Lync_Access_Control::LoadConfig src\AP-API.cpp 87 2021-08-09 15:13:21 [xt] [Portal API] Portal API Request body Output 2021-08-09\Dump-LAC_2.10.12.0_skype-pool-a00000094.PortalAPI_RequestBodyOut.txt PortalAPI::SendRequest <- PortalAPI::Initialise <- Config::Init <- Lync_Access_Control::LoadConfig src\AP-API.cpp 88 2021-08-09 15:13:21 [tr] [Portal API] HTTP Status returned: 200 OK PortalAPI::SendRequest <- PortalAPI::Initialise <- Config::Init <- Lync_Access_Control::LoadConfig src\AP-API.cpp 97
SIP Filter
- Restart the SIP Filter
You should see during the loading of the filter the following line
2021-08-09 15:26:00,990 [7] DEBUG AP-API - Calling Web Service [<Configured Admin Portal URL>/rest/v1/token] of secret key:[Key in the YAML file]([Hostname]) with user [Service username] pass [Service user Password] 2021-08-09 15:26:11,859 [7] INFO AP-API - LoadApiToken Done with Token:[ending of recived token]