Documentation for Access Rights Manager

IP whitelisting

IP whitelisting allows you to create and enable a list of trusted IP addresses that can access the ARM server and collector. When IP whitelisting and the Windows Firewall are enabled on a supported ARM server, all users from an untrusted IP address are restricted from accessing the server and collector.

The IP whitelisting functionality is currently supported only on systems with Windows Firewall. If you are running a firewall created by a non-Windows vendor, follow the vendor’s firewall documentation and apply the firewall settings manually as instructed in Secure your ARM deployment.
See Secure your ARM deployment for additional security recommendations.

Enable IP whitelisting on the ARM server

  1. Log in to the ARM Configuration Wizard.

  2. In the left menu, click IP Whitelisting.

  3. In the IP Whitelisting window, drag the toggle switch to the right.

    The following windows display on the screen:

    • Local Port

    • Inbound Rule for the Port

Add ports

The Local Port window lists all local ARM server ports that will be restricted to your IP whitelist. You can select ports from the Default Ports list and add additional ports as needed.

See Port Requirements in the system requirements for a list of default ports on the ARM server.

  1. Click Default Ports.

  2. Select the ports that apply to your IP whitelist, and then click Add.

    The selected ports are added to the Local Port table.

Add a non-default port

In the Enter port number field, enter an additional port number and then click Add Port.

Delete a port

Click to delete a port from the list.

Add hosts

The Inbound Rule for the Port table window allows you to add all configured collectors as trusted hosts. If you have ARM client applications installed on other hosts, you can add a host in the Enter Host field and then click Add Host to manually add a host to the trusted list.

  1. In the window, click Add Collectors.

  2. Select a collector, and then click Add.

    The host displays in the window.

Add other hosts

If you have ARM client applications running on other hosts, you can manually add these hosts to the Host Name column in the Inbound Rule for the Port window.

  1. In the Enter Host field, enter the name of the host running an ARM client application.

  2. Click Add Host.

    The new host displays in the Inbound Rule for the Port table.

  3. Repeat step 1 through step 2 for each additional host (if required).

Delete a host

Click to delete a host from the list.

Review the inbound rules

After you finish adding the collectors and hosts and save your changes, ARM enables the Windows Firewall on the ARM server and creates an inbound rule with the given parameters.
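To confirm that the ports you added are reachable only from the trusted hosts, you can list every enabled inbound allow rule that covers them. The following PowerShell is an added example, not part of ARM or its documentation; the function names are hypothetical, and you supply the port numbers from your own Local Port table.

```powershell
# Added example: report which remote addresses may reach the given local ports.
# Usage (elevated session on the ARM server):
#   Test-InboundPortRestriction -Port <ports from your Local Port table>

function Test-PortInFilter {
    param([string[]] $LocalPort, [int] $Port)
    foreach ($entry in $LocalPort) {
        if ($entry -eq 'Any') { return $true }
        if ($entry -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        }
        elseif ($entry -match '^\d+$' -and [int]$entry -eq $Port) { return $true }
    }
    return $false   # keyword values such as 'RPC' are not expanded here
}

function Test-InboundPortRestriction {
    param([Parameter(Mandatory)] [int[]] $Port)

    # A disabled profile enforces no inbound rules on that network type.
    Get-NetFirewallProfile -PolicyStore ActiveStore |
        Where-Object { -not $_.Enabled } |
        ForEach-Object { Write-Warning "Firewall profile '$($_.Name)' is disabled." }

    # Allow rules are additive: a single enabled rule with RemoteAddress 'Any'
    # opens the port to every host, even when a narrower rule exists beside it.
    # ActiveStore includes rules delivered by Group Policy.
    $rules = Get-NetFirewallRule -PolicyStore ActiveStore `
                 -Direction Inbound -Action Allow -Enabled True

    foreach ($rule in $rules) {
        $portFilter = $rule | Get-NetFirewallPortFilter
        $matched = @($Port | Where-Object {
            Test-PortInFilter -LocalPort $portFilter.LocalPort -Port $_
        })
        if ($matched.Count -eq 0) { continue }

        $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Protocol      = $portFilter.Protocol
            Ports         = $matched -join ','
            RemoteAddress = $remote -join ','
            Unrestricted  = ($remote -contains 'Any')
        }
    }
}
```

Any row with `Unrestricted` set to `True` is a rule that admits all remote addresses to that port; disable or narrow it, otherwise the whitelist rule has no effect for that port.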

Disable IP whitelisting on the ARM server

The following steps disable the ARM firewall rules. The Windows Firewall on the system is not turned off. This action might impact some ARM functionality. The user is expected to turn off the Windows Firewall on the ARM server manually as needed.

  1. Log in to the ARM Configuration Wizard.

  2. In the left menu, click IP Whitelisting.

  3. In the IP Whitelisting window, drag the toggle switch to the left.

  4. Click Save.

    IP whitelisting is disabled.

Configure the ARM collectors

IP whitelisting on the ARM server must be turned ON for this feature to be activated on the collector machines.

Add collectors

Adding new collectors from the ARM server automatically enables ARM to turn on Windows Firewall on the ARM collector and create an inbound rule with the default parameters.

See Add Collectors for instructions on how to add new collectors to the ARM server.

Administrative credentials must be provided when you add new collectors.

The IP whitelisting feature is pushed only for new collector installations from the ARM server. If the target system is running a collector, IP whitelisting is not applied to the system.

Update collectors

Updating your existing collectors from the ARM server automatically enables ARM to turn on Windows Firewall on the ARM Collector and create an inbound rule with the default parameters.

Administrative credentials must be provided before you update the collectors.

See Update Collectors for instructions on how to update your existing collectors on the ARM server.