AXS Guard Cloud

Introduction

The AXS Guard Cloud is part of AXS Guard’s Observe & Protect solution. It offers multiple dashboards, enabling authorized administrators and MSSPs to remotely and securely monitor AXS Guard UTM deployments.

Authorized users can configure settings to be pushed to large-scale installations, view license and operational status information, register new UTM appliances, view customer contract details, troubleshoot systems, and consult threat intelligence data from various sources.

Data Filters

Threat intelligence data shown in the various dashboards can be filtered using KQL and Lucene query syntax. UI filters are also available for convenience, allowing authorized users to narrow down data sets or options based on specific criteria.

QuerySelection

With filters, administrators and MSSPs can quickly identify issues, isolate devices for closer inspection, and troubleshoot systems more efficiently. This capability also enables them to adjust their cybersecurity strategy more effectively.

For users looking to enhance their proficiency in navigating dashboards and utilizing filters, we offer a comprehensive online tutorial. This tutorial is designed to provide step-by-step guidance on maximizing the effectiveness of dashboards, along with insights into leveraging filters for refined data analysis.

Requesting Cloud Access

To access the AXS Guard Cloud, first-time users must complete and submit the required form. This form serves as a crucial step in the onboarding process, facilitating the collection of necessary information and ensuring that users adhere to the prescribed protocols for cloud access.

Cloud

Requirements

The AXS Guard Cloud requires users to sign in using Google or Microsoft credentials, which can include third-party email addresses linked to Google or Microsoft (e.g., user@yourdomain.com). A web browser is needed for interaction with its diverse web-based dashboards.

Browser extensions can impact the performance and user experience, as they have the ability to run extra code on every page you open, potentially causing pages to hang or become unresponsive.

If you encounter any issues while interacting with a dashboard or if it becomes invisible, ensure that all your browser plugins are disabled or add a security exception for the AXS Guard Cloud.

Dashboards

AXS Guard Central

Introduction

The AXS Guard Central dashboard provides a clear overview of all deployed UTM appliances, their license number, contract IDs, current operational status and health.

Via this dashboard, authorized system administrators and MSSPs can register new appliances and securely log in to deployed AXS Guard UTM appliances or PAX units (version restrictions apply).

The AXS Guard Central dashboard simplifies routine system maintenance tasks, such as pushing new firewall rules to a UTM appliance, and allows MSSPs or system administrators to remotely identify and troubleshoot issues.

Registering UTM Appliances

Before initiating the registration process, ensure you have access to the following key information:

  • The Contract Number (e.g., AXGK-1234-56789 or EVAL-1234-56789 for product evaluation), as found in your AXS Guard order confirmation.
  • The specific Serial Number, also available in your AXS Guard order confirmation (only required to register your very first AXS Guard appliance).
  • The systeminfo.txt file, which must be downloaded directly from your AXS Guard appliance during the License Wizard process.

To register an appliance, log in to the AXS Guard Cloud, then navigate to the AXS Guard Central dashboard. Click on Register Appliance to start the registration process and follow the on-screen instructions.

ProductRegistration

Remote Login

Secure remote login capabilities, helpful for system administration and troubleshooting, require AXS Guard version 11.0.15 or PAX version 4.2.0 or later.

IT administrators can use remote login to manage and troubleshoot appliances without being physically present at the location. This capability is particularly valuable for maintaining and updating systems in different geographical locations, reducing downtime, and minimizing the need for on-site assistance.

AXS Guard UTM Appliances

AXS Guard version 11.0.15 or later is required.

  1. Log in to the AXS Guard Cloud.
  2. Navigate to the AXS Guard Central dashboard.
  3. Enter your license number or contract ID into the search field.
  4. Click on the login button.

RemoteLogin

PAX Units

PAX software version 4.2.0 or later is required.

  1. Log in to the AXS Guard Cloud.
  2. Select the AXS Guard Central dashboard and enter the contract ID or license number of your AXS Guard appliance, e.g. 0000-00012345.
  3. Click on the license number.

    cloud login

  4. Select the Personal AXS Guard tab.

  5. To access the PAX unit you'd like to log into, click on the corresponding license ID, e.g. 0001-00012345.

    cloud login

  6. Click on the login button.

    cloud login

The login page of the PAX unit will open in a new browser tab. Log in with the credentials that you configured on the server side.

PAX Login Screen

System Details

Log in to the AXS Guard cloud, navigate to the AXS Guard Central dashboard and click on the license number of an appliance to access its details.

SystemDetails

After clicking on the license number, additional details will be visible, including status information, license information, contacts, software details, update events, appliance statistics, connected Personal AXS Guard units, configuration backups, and licensed features.

SystemDetails

System administrators can download the license.dat file via the License tab, which is required to make an AXS Guard appliance fully operational.

LicenseDat

Pushing Config Settings

Via system details, authorized users can also propagate AXS Guard configuration settings, such as firewall rules, GeoIP filters, DNS filters, and web filters, to a single UTM appliance. This is achieved by using the Push AXS Guard Cloud Config button and requires the creation of a configuration profile via the Management page.

Important

The use of the Push AXS Guard Cloud Config button is only required if you encounter issues with automated configuration updates. Configuration updates are automatically handled by the AXS Guard Cloud, provided that a configuration profile has been assigned.

PushConfig

Endpoint Central

The IBM Security QRadar EDR dashboard delivers comprehensive visibility into your network infrastructure, empowering real-time endpoint analysis and facilitating extended searches to uncover and counteract dormant threats. Installation of a QRadar EDR agent (Nano OS) on each endpoint is a prerequisite.

QRadar_login

Contracts

Through this page, authorized users can access contract information, consult a list of activated system features, find details about software bundles, and download contract certificates by clicking on a specific contract ID in the table.

Contracts

DNS Security

The DNS security dashboard serves as a centralized interface, providing real-time insights and analytics into malicious DNS queries generated by networked devices. This comprehensive tool enables administrators to monitor and analyze DNS traffic, detect potential threats, and assess the overall health of the network.

DnsSecurity

DNS queries are categorized based on the threat they represent. Filtering data is possible through the use of KQL syntax.

Examples of KQL filters

DnsFilter

  • ag.dns.category.keyword: dns-filter: shows all blocked DNS queries that matched a DNS filter.
  • host.name.keyword: axsguard.yourdomain.com: shows all DNS queries blocked by this AXS Guard appliance.
  • ag.dns.category.keyword: botnet: shows all blocked DNS queries that matched a botnet filter.
  • source.hostname: johndoe-laptop: shows all blocked DNS queries originating from this host.
  • source.ip.keyword: 192.0.2.50: shows all blocked DNS queries originating from this IP address.

Combine multiple filter conditions with the AND and OR operators, e.g.:

host.name.keyword: "axsguard.example.com" and ag.dns.category.keyword: "botnet"
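
The following added example (not part of the AXS Guard documentation) evaluates combined filters against three constructed events to show how and/or conditions group, assuming the standard Kibana Query Language rule that and binds tighter than or. The evaluator is a simplified stand-in that only does exact matches on keyword fields; the sample events and all function names are hypothetical.

```python
import re

# Constructed sample events; field names are taken from the filter examples above.
EVENTS = [
    {"host.name.keyword": "axsguard.example.com", "ag.dns.category.keyword": "botnet"},
    {"host.name.keyword": "axsguard.example.com", "ag.dns.category.keyword": "dns-filter"},
    {"host.name.keyword": "other.example.com", "ag.dns.category.keyword": "dns-filter"},
]

# Tokens: parentheses, quoted values, or bare words (a field name keeps its colon).
TOKEN = re.compile(r'\s*(\(|\)|"[^"]*"|[^\s()":]+:?)')

def tokenize(query):
    tokens, pos, query = [], 0, query.strip()
    while pos < len(query):
        match = TOKEN.match(query, pos)
        if not match:
            raise ValueError(f"cannot parse filter at position {pos}")
        tokens.append(match.group(1))
        pos = match.end()
    return tokens

def parse(tokens, ops=("or", "and")):
    # ops lists operators from loosest to tightest: "and" binds tighter than "or".
    if not ops:
        return parse_term(tokens)
    node = parse(tokens, ops[1:])
    while tokens and tokens[0].lower() == ops[0]:
        tokens.pop(0)
        node = (ops[0], node, parse(tokens, ops[1:]))
    return node

def parse_term(tokens):
    token = tokens.pop(0) if tokens else ""
    if token == "(":
        node = parse(tokens)
        if not tokens or tokens.pop(0) != ")":
            raise ValueError("missing closing parenthesis")
        return node
    if not token.endswith(":") or not tokens:
        raise ValueError(f"expected 'field: value' near {token!r}")
    return ("match", token[:-1], tokens.pop(0).strip('"'))

def evaluate(node, event):
    if node[0] == "match":
        return event.get(node[1]) == node[2]  # exact match only (simplification)
    combine = all if node[0] == "and" else any
    return combine(evaluate(child, event) for child in node[1:])

def run_filter(query, events=EVENTS):
    tokens = tokenize(query)
    tree = parse(tokens)
    if tokens:
        raise ValueError(f"unexpected token {tokens[0]!r}")
    return [event for event in events if evaluate(tree, event)]
```

Appending or ag.dns.category.keyword: "dns-filter" to the filter above without parentheses returns all three sample events, including the one from other.example.com. Wrapping the two category conditions in parentheses returns only the two events from axsguard.example.com.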

Filters can also be created by clicking on elements in the dashboard, as demonstrated in the example below.

DnsFilter

Alerts

Via this dashboard, MSSPs and administrators can view various types of alerts:

  • Endpoint Alerts: Notifications or warnings generated by IBM Security QRadar EDR when suspicious or potentially malicious activities are detected on endpoints within a network. Endpoints are individual devices such as computers, servers, laptops, smartphones or other devices that connect to a network.
  • SecureDNS: Events related to APTs and botnets that are blocked by AXS Guard’s DNS security feature.
  • Configuration: Configuration alerts play a vital role in proactive IT management, allowing administrators to promptly address issues and maintain a secure and well-functioning IT environment.
  • AG Alerts: Alerts that are generated by AXS Guard UTM appliances, e.g. certificate expiration warnings and failed login notifications.

Alerts

Filtering alert data is possible through the use of KQL syntax.

Examples of KQL filters

AlertFilter

  • subtype.keyword: apt: shows all events related to advanced persistent threats (APT).
  • type: SecureDNS: shows all events related to SecureDNS.
  • type: Event and subtype: warning: shows warnings generated by AXS Guard.
  • event.description: shutdown: shows system shutdown events.

Combine multiple filter conditions with the AND and OR operators, e.g.:

type: "Event" and subtype: "fatal"

Filters can also be created by clicking on elements in the dashboard, as demonstrated in the example below.

AlertFilter

Monitoring

This dashboard allows authorized users to review and analyze AXS Guard UTM appliances for availability, operations, performance, security incidents and other related processes.

It is only accessible to authorized administrators and MSSPs to ensure that AXS Guard appliances are performing as expected and to mitigate problems as they become apparent.

Monitoring

Customization

Click in the top right corner of a metric to customize its settings.

MetricCustom

Data filters can be created with KQL syntax or by clicking on elements in the dashboard, as demonstrated in the examples below.

link_license: 0000-00012345 and @timestamp >= 90: Events related to license 0000-00012345 that are 90 days old or more.

MetricCustom

UTM Configuration Profiles

Management

Configuration profiles enable administrators or MSSPs to efficiently configure and manage various aspects of AXS Guard UTM systems through centralized and automated configuration.

They provide a standardized approach for controlling settings, encompassing firewall rules, GeoIP filters, DNS filters, and web filters.

  1. Navigate to the Management page.
  2. Click on the Add button.

    Profile

  3. Enter an appropriate profile name and description, then press the Submit button.

    Profile

Assignment

Profiles must be assigned to UTM appliances, which are identified by their license number, in order to allow the AXS Guard Cloud to push configuration settings in bulk. To use the Push AXS Guard Cloud Config functionality, ensure that the selected appliances are running AXS Guard software version 11.0.15 or higher.

  1. Navigate to the Assignment page.
  2. Select the relevant UTM licenses and click on Update Profile.

    AssignProfile

  3. Choose the desired profile(s) for assignment.

  4. Complete the assignment process by adding the selected profile(s).

    AssignProfile

Firewall

Via the firewall rule pages, authorized users can configure AXS Guard firewall rules for deployment to large-scale installations. For a detailed explanation of AXS Guard firewall rules, please refer to the AXS Guard firewall documentation.

Towards Rules

Towards rules pertain to network traffic destined for a process running on the AXS Guard appliance, such as OpenVPN or SSTP client traffic.

  1. Navigate to Towards Rules and click on the Add button in the top right corner.

  2. Enter the requested information and make sure to assign the new rule to the correct configuration profile.

  3. Click on the Submit button.

    SubmitRule

Important - AXS Guard Configuration Required

In the AXS Guard user interface, rules configured via the AXS Guard Cloud will be shown with a cm-e (central management) prefix, e.g., cm-e-rulename.

RuleName

For rules to take effect, they must be assigned to a policy by a system administrator. Refer to the AXS Guard firewall documentation for additional information and configuration steps.

Through Rules

Through rules apply to network traffic passing through the AXS Guard appliance from one firewall zone to another, for example, from a client in the Secure LAN to a server in the DMZ or on the Internet.

To configure new rules, navigate to Through Rules and follow the same steps as explained in the Towards Rules section.

Important - AXS Guard Configuration Required

In the AXS Guard user interface, rules configured via the AXS Guard Cloud will be shown with a cm-e (central management) prefix, e.g., cm-e-rulename.

RuleName

For rules to take effect, they must be assigned to a policy by a system administrator. Refer to the AXS Guard firewall documentation for additional information and configuration steps.

GeoIP Filtering

GeoIP filtering or geo-blocking, a technology that can block network traffic to and from entire countries, can be an effective way to stop hackers from attacking your organization. As its name suggests, it blocks network connections based on geographic location – information it gets based on IP addresses.

Through the Country Groups page, authorized users can configure GeoIP filters, for deployment to large-scale AXS Guard installations.

Please note that the AXS Guard Cloud configuration always takes precedence over configurations that were made directly on an AXS Guard appliance. Using the Cloud configuration means that local GeoIP configurations may be overwritten.

  1. Navigate to Country Groups to add a new filter.
  2. Configure the appropriate settings, select the desired countries and make sure to assign the new filter to the correct configuration profile.
  3. Click on the Submit button.

SubmitRule

Web and DNS Filters

Through the URL Lists page, authorized users can configure web and DNS filters for deployment to large-scale AXS Guard installations. These filters control access to specific URLs and websites.

  1. Navigate to URL Lists to add a new filter.
  2. Configure the appropriate settings and make sure to assign the new filter to the correct configuration profile.
  3. Click on the Submit button.

SubmitFilter

Important - AXS Guard Configuration Required

In the AXS Guard user interface, filters configured via the AXS Guard Cloud will be shown with a cm-e (central management) prefix, e.g., cm-e-filtername.

FilterName

For web and DNS filters to take effect, they must be assigned to an AXS Guard proxy ACL or domain filter (DNS) by a system administrator. See the AXS Guard Web Access and DNS Security documentation for further information and configuration steps.

Cloud Access Management

Introduction

Through the Cloud Access Management page, authorized users can manage AXS Guard Cloud user accounts, and grant or revoke access to specific parts of the system as needed.

User Management

There are three roles: Admin, Sales, and Technical. Each role has specific access privileges. Users can be assigned one or more roles and are required to sign in with an email address linked to Google or Microsoft. Depending on the role, certain components on detail pages may either become visible or remain hidden.

Access per role:

  • Sales: View contract-related information and sales data. Also has access to the download center.
  • Technical: Access to license-related information and basic technical actions. Also has access to the download center.
  • Admin: Broad administrative capabilities; has access to additional buttons based on other roles. Also has access to Cloud Access Management and the download center.

Navigate to Users to add, modify or remove a user account.

CloudUsers

User Preferences

By clicking on the username in the top right corner and selecting preferences, users can customize their personal AXS Guard Cloud settings, such as homepage preferences and the session timeout.

CloudUserPreferences

Download Center

The download center provides a centralized and organized location for users to securely download software, such as the SecureDNS agent.

DownloadCenter

Support

If you encounter a problem

If you encounter any issues with the AXS Guard Cloud, don't hesitate to reach out to our technical support department.

Contact Information

(+32) 15-504-400
support@axsguard.com