About the Security Intelligence Platform
The Security Intelligence Platform (SIP), the industry-leading firewall and network device policy management solution, allows you to continuously analyze, visualize and improve your existing network security infrastructure and firewall management. SIP is designed as a single sign-on point to access all licensed SIP modules. All SIP modules interact with firewalls using machine-to-machine communication.
Administration is used to perform system, user, and device-related administrative tasks for all modules.
Security Manager is used to give you an in-depth look at your entire firewall network.
Policy Planner is an add-on module* used to manage changes to the firewall, from the initial access request to solution design, through implementation and verification.
Policy Optimizer is an add-on module* used to create compliance controls within Security Manager to ensure that all rules are reviewed periodically to confirm that they are still relevant and required.
Risk Analyzer is an add-on module* used to measure the risk to your network assets based on simulated network attacks that uncover host vulnerabilities. At this time, Risk Analyzer is part of the Administration and Security Manager applications; it is not a separate module but still requires a separate license.
*Add-on modules require a separate license.
SIP Components
Application Server (AS): Servers with this role run the SecMgr and Workflow services and expose their HTTP APIs to network consumers. These servers also expose the web-based user interface applications. An ecosystem must have at least one server with this role.
Certificate Authority (CA): FMOS uses TLS and IPsec to enable secure communication between SIP components, including the PostgreSQL database, the Elasticsearch index, SecMgr, the Data Collector, etc. These protocols use X.509 certificates to authenticate the communicating parties to one another. FMOS manages an X.509 Certificate Authority to issue and validate these certificates. Exactly one machine in the FMOS ecosystem must have this role. Under normal circumstances, the first machine created in the ecosystem will hold the CA role.
Database (DB): Servers with this role run the PostgreSQL database management engine, which houses the data used by FireMon Security Manager. Additionally, these servers store data, such as normalized configuration, in files on the file system, which can be shared with other servers in the ecosystem. An ecosystem can have exactly one server with this role.
Data Collector (DC): Servers with this role are responsible for communicating with devices managed by Security Manager, for example to retrieve configuration and process log messages. An ecosystem must have at least one server with this role.
Enterprise Search (ES): Servers with this role run Elasticsearch to provide high-performance search capability for FireMon Security Manager. There must be at least one machine with this role in the ecosystem. It is typically held by the same servers that hold the database server role.
Graphical User Interface (GUI): Interactive environment for viewing device data stored in the database. The GUI must have connectivity with the application server and a web browser.
SIP Icons
The following table defines the icons seen in module toolbars.
Icon | Description |
---|---|
![]() ![]() | Click this icon to open a menu with user account and software version information. |
![]() | Click this icon to open a menu with other modules you have access to. |
![]() | Click this icon to open a menu of actions that can be performed. |
* | A red asterisk icon denotes a required field. |