Page created: 6 Nov 2020
|
Page updated: 12 May 2021
You can change the default settings in ASE by editing the
ase-defaults.yml
file. The following table lists the variables that
you can set for ASE: Variable | Description |
mode
|
Sets the mode in which ASE is deployed. The default value is
inline . Set the value to
sideband if you want ASE to work in the
sideband mode. |
http_ws_port
|
Data port used for HTTP or WebSocket protocol. The default value is 8090. |
https_wss_port
|
Data port used for HTTPS or secure WebSocket protocol. The default value is 8443. |
management_port
|
Management port used for CLI and REST API management. The default value is 8010. |
cluster_manager_port
|
ASE node uses this port number to communicate with other ASE nodes in the cluster. The default value is 8020. |
keystore_password
|
The password for ASE keystore. The default password is
asekeystore . |
cluster_secret_key
|
This key is used for authentication among ASE cluster node. All
the nodes of the cluster must have the same
cluster_secret_key . This key must be entered
manually on each node of the ASE cluster for the nodes to
communicate with each other. The default value is
yourclusterkey . |
enable_ase_detected_attack |
This key is used to enable ASE to block auto detected attacks. Set this
value to true , to allow ASE to block auto detected attacks.
The default value is false . |
enable_abs_attack |
This key is used to enable ASE to fetch attack list from ABS. Set this
value to true , to fetch the list from ABS. The default
value is false . |
enable_sideband_keepalive
|
This key is used only in ASE sideband mode. Setting it to
true , ASE sends a keep-alive in response header
for the TCP connection between API gateway and ASE. With the default
false value, ASE sends a connection close in
response header for connection between API gateway and ASE. |
Email default settings |
Configure the following settings:
|
CLI admin password |
The default value for CLI admin is admin . To
change the password, you need to know the current password. |
timezone |
Defines ASE's timezone. The possible values are local
or utc .Note: This variable is deprecated in
PingIntelligence 4.4.1. A new common variable for time zone settings
across PingIntelligence components is added in hosts file. |
Important: Make sure to take a backup of the
ase-defaults.yml
file on a secure machine after the automated
installation is complete.Following is a sample
ase-defaults.yml
file: ---
ase:
# Deployment mode for ASE. Valid values are inline or sideband
mode: inline
# Define ports for the PingIntelligence API Security Enforcer
# Make sure ports are not same for single server installation
http_ws_port: 8090
https_wss_port: 8443
management_port: 8010
cluster_manager_port: 8020
# Password for ASE keystore
keystore_password: asekeystore
# cluster_secret_key for ASE cluster
cluster_secret_key: yourclusterkey
# enable keepalive for ASE in sideband mode
enable_sideband_keepalive: false
# Configure Email Alert. Set enable_emails to true to configure
# email settings for ASE
enable_emails: false
smtp_host: smtp.example.com
smtp_port: 587
sender_email: sender@example.com
email_password: password
receiver_email: receiver@example.com
# CLI admin password
current_admin_password: admin
new_admin_password: admin