Lookout Product Documentation

Using Debian or RPM packages

You must install the SPA connector on the machine that accesses the applications or services.

Hardware and Software Requirements

The machine where you install the SPA connector must meet these requirements:

Operating System:
  • Ubuntu 20.04.5 LTS (Focal Fossa)
  • RHEL 8.x
CPU: 4 cores
RAM: 16 GB
Disk Space: 100 GB or more
Java Development Kit (JDK): JDK 17

Lookout supports OpenSSH 8.2 or earlier for SSH over Secure Private Access. SSH over Secure Private Access supports RSA and DSA keys.
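
The requirements above can be checked before installation with a short pre-flight script. This is an added example, not Lookout code; the function names, the `--run` switch, the 15 GiB floor used for "16 GB" and the use of the root filesystem size for disk space are assumptions.

```sh
#!/bin/sh
# Added example (not vendor code): pre-flight check for the minimums above.

# Major version from `java -version` text:
# 'openjdk version "17.0.9" ...' -> 17, legacy 'java version "1.8.0_392"' -> 8.
java_major() {
  jm_v=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
  case "$jm_v" in
    "")  return 1 ;;
    1.*) jm_v=${jm_v#1.}; printf '%s\n' "${jm_v%%.*}" ;;
    *)   printf '%s\n' "${jm_v%%[.+-]*}" ;;
  esac
}

# Succeeds when `ssh -V` text reports OpenSSH 8.2 or lower.
openssh_supported() {
  os_v=$(printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1)
  [ -n "$os_v" ] || return 1
  os_major=${os_v%%.*}; os_minor=${os_v#*.}
  [ "$os_major" -lt 8 ] || { [ "$os_major" -eq 8 ] && [ "$os_minor" -le 2 ]; }
}

# Args: CPU cores, MemTotal in kB, disk size in GB, `java -version` text.
# Prints one line per failed check and returns non-zero if any failed.
check_host() {
  ch_rc=0
  [ "$1" -ge 4 ] || { echo "FAIL: $1 CPU cores, need 4"; ch_rc=1; }
  # Assumption: MemTotal on a 16 GB machine reads slightly under 16 GiB
  # (kernel reservations), so 15 GiB is used as the floor.
  [ "$2" -ge $((15 * 1024 * 1024)) ] || { echo "FAIL: RAM below 16 GB"; ch_rc=1; }
  [ "$3" -ge 100 ] || { echo "FAIL: $3 GB disk, need 100"; ch_rc=1; }
  ch_jv=$(java_major "$4") || ch_jv=0
  [ "$ch_jv" -eq 17 ] || { echo "FAIL: JDK 17 required, found major $ch_jv"; ch_rc=1; }
  return "$ch_rc"
}

# Live run against this host: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
  check_host "$(nproc)" "$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)" \
    "$(df -BG --output=size / | tail -n 1 | tr -dc '0-9')" \
    "$(java -version 2>&1)" && echo "Host meets the documented minimums"
  openssh_supported "$(ssh -V 2>&1)" || echo "WARN: OpenSSH missing or newer than 8.2"
fi
```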

Configure Firewall Settings

You must configure your organization's firewall to allow the outbound connections that the Lookout Cloud Security Platform requires.

  1. Allow outbound connection from the Secure Private Access connector on port 443.
  2. Allow outbound connections to register the Secure Private Access connector to the Lookout node manager service.
    You can view the Node Manager Endpoint URL in the connector Configuration page in the Management Console.
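
An outbound rule for the node manager service needs the host and port from the Node Manager Endpoint URL. The script below is an added example, not Lookout code: it accepts only the `wss://{hostname}:{port}/nodeManagement` form shown by the installer prompt, extracts the pair and probes it over TCP. The function names are hypothetical and an installed `nc` with `-z` and `-w` support is assumed.

```sh
#!/bin/sh
# Added example (not vendor code): turn the Node Manager Endpoint into the
# host/port pair an outbound firewall rule needs, then probe it.

# Accepts only wss://{hostname}:{port}/nodeManagement and prints "host port".
parse_endpoint() {
  case "$1" in
    wss://*:*/nodeManagement) ;;
    *) return 1 ;;
  esac
  pe_rest=${1#wss://}
  pe_rest=${pe_rest%/nodeManagement}
  pe_host=${pe_rest%:*}
  pe_port=${pe_rest##*:}
  # Hostname: letters, digits, dots and hyphens only.
  case "$pe_host" in ""|*[!A-Za-z0-9.-]*) return 1 ;; esac
  # Port: one to five digits, within 1..65535.
  case "$pe_port" in ""|*[!0-9]*|??????*) return 1 ;; esac
  [ "$pe_port" -ge 1 ] && [ "$pe_port" -le 65535 ] || return 1
  printf '%s %s\n' "$pe_host" "$pe_port"
}

# Probe outbound TCP reachability of the endpoint.
# Assumption: `nc` is installed and supports -z (scan only) and -w (timeout).
probe_endpoint() {
  pr_hp=$(parse_endpoint "$1") || {
    echo "rejected: expected wss://{hostname}:{port}/nodeManagement"
    return 2
  }
  # Intentional word splitting: pr_hp is "host port" from the validated parse.
  # shellcheck disable=SC2086
  if nc -z -w 5 $pr_hp; then
    echo "reachable: $pr_hp"
  else
    echo "blocked or unreachable: $pr_hp"
    return 1
  fi
}

# Usage: sh check_endpoint.sh 'wss://<hostname>:<port>/nodeManagement'
if [ -n "${1:-}" ]; then probe_endpoint "$1"; fi
```

The probe covers the TCP registration path only; the UDP 500 and 4500 IPsec ports cannot be confirmed with a connect test.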

Configure Ports

On the connector node, you must open certain ports to establish proper communication with the Lookout Cloud Security Platform.

Open these ports:

  • Outbound UDP ports 500 and 4500: To establish an IPsec tunnel from the SPA connector to the Lookout Cloud Security Platform cloud service.
  • Outbound TCP port 443: Used for internal communication between the Lookout cloud service and the SPA connector.

Download Secure Private Access Connector Package

To configure access to enterprise private applications, you must install the on-premise connector on the machine that accesses the private applications or services.

  1. In the Management Console, select Administration > System Settings.
  2. In the Software menu, select Downloads.
  3. Select the connector package depending on the OS of the machine.
    • Ubuntu: Select On-Premise Connector - Debian, a deb package for Ubuntu 20.04 LTS.
    • RHEL: Select On-Premise Connector, an rpm package for RHEL.
  4. Click the Download icon and copy the downloaded connector package to the machine where you want to perform the installation.

Install JDK 17

The ZTNA connector installation requires JDK 17, so you must install JDK 17 on the host machine before installing the ZTNA connector.

  1. Run these commands to install JDK 17:
    • Ubuntu:

      sudo apt install openjdk-17-jdk
      sudo update-alternatives --config java
    • RHEL:

      sudo dnf install java-17-openjdk-devel
  2. Run this command to confirm the JDK 17 installation:

      java -version

    If the installation is successful, the JDK version number will include 17.x.x.

Install Secure Private Access Connector

  1. Run these commands to upgrade the OS packages:
    • Ubuntu:

      sudo apt-get update
      sudo apt upgrade
    • RHEL:

      sudo yum install epel-release
      sudo yum update
  2. Run this command to start the installation in a Linux instance, where <version> is the current version of the .deb or .rpm file in the Management Console:
    • Ubuntu: Use the .deb file you previously downloaded from the Management Console.

      sudo apt install ./enterprise-connector_<version>_amd64.deb
    • RHEL: Use the .rpm file you previously downloaded from the Management Console.

      sudo yum install ./enterprise-connector-<version>.x86_64.rpm
  3. When prompted to install the packages, enter Y.
  4. Run this command to execute the installation configuration script:

      sudo /opt/ciphercloud/node-server/install.sh
  5. Configure these system prompts:

    System Prompt: Please enter Node Manager Endpoint (wss://{hostname}:{port}/nodeManagement):
    Response: Enter the Node Manager Endpoint URL you previously copied from the Management Console.
      To copy the Node Manager Endpoint URL again:
        1. Select Administration > Node Management and expand the node you created.
        2. Click the Configuration tab and copy the URL in the Node Manager Endpoint field.

    System Prompt: Input Tenant Id:
    Response: Enter the Tenant ID you previously copied from the Management Console.
      To copy the Tenant ID again:
        1. Select Administration > Node Management and expand the node you created.
        2. Click the Configuration tab and copy the Tenant ID in the Tenant ID field.

    System Prompt: Input Node Server Unique Name:
    Response: Enter the Node Server Unique Name that you provided to the node you previously created in the Management Console.
      To find the node name, select Administration > Node Management in the Management Console and locate the node.

    System Prompt: Input Node Server Token:
    Response: Enter the Node Server Token you previously copied from the Management Console.
      To copy the token again:
        1. Select Administration > Node Management and expand the node you created.
        2. On the Configuration tab, copy the Node Server Token value from the Node Server Token field.

    System Prompt: Does upstream proxy exist? [y/n]: n
    Response: When prompted to specify if the upstream proxy exists, enter n, because the Secure Private Access connector does not support upstream proxy.
  6. In the Management Console, select Administration > Node Management.
  7. Expand the correct node to verify the utilization data and confirm the configuration.