Perch Network Sensor Integration Guide

Deployment Overview

Perch Security Sensors provide visibility into the traffic that passes through a configured mirrored interface. You can increase visibility for a network segment when you configure Perch together with a WatchGuard firewall and a managed switch, as described in this integration guide.

Integration Summary

To test this integration, we used these devices:

  • Perch Hardware Sensor
  • WatchGuard FireboxV installed with Fireware v12.2
  • Managed Switch capable of interface mirroring

Test Topology

Network Topology of Perch Security Network Sensor

Configure Your Firebox for Perch Sensor

On the WatchGuard Firebox, you must configure a policy to allow communication from the Perch Sensor to the Perch cloud app.

For more information on how to configure Firebox policies, see Policies.

  1. Log in to Fireware Web UI.
  2. Select Firewall > Firewall Policies.
  3. Select Add Policy.
    The Select a policy type dialog appears.
  4. Select the Custom policy type, and click Add.

Screen shot of the WatchGuard Custom Policy Add

  5. Provide a policy Name. The Description is optional. Select the policy type: Packet Filter.

Screen shot of the Add Policy Template Custom Policy

  6. Below Protocols select Add.
  7. From the Type drop-down list, select Single Port. Set the Protocol to TCP and the Server Port to 80.

Screen shot of adding protocol to a custom policy

  8. Select OK. Add a second Protocol for port 443. Select OK.
  9. Select Save on the bottom of the page.
    The Select a policy type page appears.
  10. From the Custom policy drop-down list, select the name of the packet filter policy you configured above in Step 5. Select Add Policy.

Screen shot of the custom policy add policy page

  11. In the From settings, remove the Any-Trusted alias.

Screen shot of the custom policy to modify

  12. In the From settings, select Add.
    The Add Member dialog box appears.
  13. From the Member Type drop-down list, select Host IPv4. Type the IP address of the Perch Sensor. Select OK.

Screen shot of the Add Member dialog

  14. On the bottom of the Policy page, select Save.
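
The following added example (not part of the original guide and not WatchGuard or Perch code) models the custom packet filter to show what changes when the Any-Trusted alias in the From list is replaced with the sensor's Host IPv4 entry. The policy name, the trusted subnet, the sensor address and the sample flows are constructed assumptions, and only the From list and the TCP 80/443 ports from the procedure are modelled.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing for the example (assumptions, not values from the guide).
TRUSTED_NET = ipaddress.ip_network("10.0.1.0/24")   # what Any-Trusted covers in this model
SENSOR_IP = ipaddress.ip_address("10.0.1.50")       # Perch Sensor management address

# The two Single Port entries added to the custom policy template.
PERCH_PORTS = frozenset({("TCP", 80), ("TCP", 443)})


@dataclass(frozen=True)
class PacketFilter:
    name: str            # hypothetical policy name
    sources: tuple       # networks allowed by the From list
    ports: frozenset     # (protocol, server port) pairs from the template

    def permits(self, src, proto, dport):
        """True if this policy alone would allow the flow."""
        addr = ipaddress.ip_address(src)
        port_ok = (proto.upper(), dport) in self.ports
        return port_ok and any(addr in net for net in self.sources)


# From list as first created: still holds the Any-Trusted alias.
before = PacketFilter("Perch-Sensor", (TRUSTED_NET,), PERCH_PORTS)
# From list after the alias is removed and the sensor is added as Host IPv4.
after = PacketFilter("Perch-Sensor",
                     (ipaddress.ip_network(f"{SENSOR_IP}/32"),), PERCH_PORTS)

# Constructed sample flows: (source IP, protocol, destination port).
FLOWS = [
    ("10.0.1.50", "tcp", 443),     # sensor to cloud over HTTPS
    ("10.0.1.50", "tcp", 80),      # sensor to cloud over HTTP
    ("10.0.1.50", "tcp", 22),      # sensor on a port the policy does not list
    ("10.0.1.50", "udp", 443),     # right port, wrong protocol
    ("10.0.1.23", "tcp", 443),     # another trusted host
    ("192.168.50.9", "tcp", 443),  # host outside the trusted network
]


def over_permitted(flows=FLOWS):
    """Flows the Any-Trusted version allows that the host-scoped version blocks."""
    return [f for f in flows if before.permits(*f) and not after.permits(*f)]


if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "before:", before.permits(*flow), "after:", after.permits(*flow))
    print("allowed only with Any-Trusted:", over_permitted())
```
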

Configure Your Managed Switch

You must set up a managed switch for port mirroring on the subnet intended for the Perch sensor. See the documentation for your managed switch for specific configuration information.

Get the Perch Cloud App Invitation

Use the Perch Cloud app to generate an invitation code that you add to the Perch Sensor to register it with Perch Cloud.

  1. To get the Perch Sensor invitation code, log in or register at https://app.perchsecurity.com.
  2. Select the gear menu icon on the upper right. Select Device Invites.

Screen shot of the Perch gear icon to select Device invites

  3. On the right side, below Filter Invites, select +.
    The New Device Invite Code dialog box appears.
  4. Copy the case-sensitive code.

Screen shot of the Perch new Device invite Code

Configure the Perch Sensor

You must configure the Perch Sensor to accept mirrored traffic from the switch and a management network. For physical sensors, you will need a keyboard and a direct monitor connection.

  1. Log in to the Perch command line with your username and password. The default username is perch and password is prairiefire.
  2. Use the tab key to choose the network interface and select No for DHCP.
  3. Type the IP address, netmask, and DNS server(s).

Screen shot of the Perch management network interface setup

  4. Tab to select OK.
  5. In the proxy setup section, select No when asked about the use of an HTTP/HTTPS proxy for communication with the Perch cloud.

Screen shot of the proxy settings in the Perch CLI.

  6. Use the tab key to select OK.
  7. In the monitoring interface setup section, select the interface to receive the mirrored traffic.

Screen shot of the Perch network monitoring interface setup

  8. Use the tab key to select OK.
  9. Type the sensor information: Sensor name, Sensor location, Zip code, Country code and optional Geohash.

Screen shot of Perch CLI sensor information

  10. Use the tab key to select OK.
  11. Configure the Perch Sensor with the invitation code you saved earlier.

Screen shot of the Perch CLI invite code entry

  12. Use the tab key to select OK.
    Wait while registration completes. It can take several minutes.
  13. When Perch Cloud registration completes, you will see a success message.

Screen shot of the Perch registration success

Test the Integration

When the Perch Sensor is operating and can communicate with the Perch Cloud app, your network traffic information appears in your Perch account.

  1. Log in to your Perch App at https://app.perchsecurity.com/login.
  2. Select Perchybana.

Screen shot of Perch App menu

  3. The traffic list appears in a format that allows keyword search.

Screen shot of Perch log search

After your Perch Security device is set up, you have the option to join public or secret Communities and set up Alerts. You can use Communities to aggregate data with other users to understand the nature of your traffic. You can create Alerts when data triggers a rule. Each alert contains information about the payload that triggered the rule.