Deployment
Whether you're a new customer or looking to expand your current scope with WALLIX One PAM, follow the steps below to get started:
Sharing Technical Information
A meeting is held where WALLIX shares the technical details required to establish the connection between your network and WALLIX One PAM.
During this meeting, WALLIX provides the following information:
- WALLIX One PAM Tenant Gateway IP Address
- WALLIX One PAM Tenant Phase 2 Subnets:
  - Public service address: the IP address obtained when the FQDN used to connect to WALLIX One PAM is resolved
  - Internal network: the prefix visible when connections to your internal services (Active Directory, DNS, etc.) or target machines (SSH, RDP, etc.) are initiated from WALLIX One PAM
Tunnel Configuration
NOTE
The configuration process must be repeated for each required tunnel.
IMPORTANT
We strongly recommend setting up the tunnel during a workshop involving the customer, the integration partner, and WALLIX CloudOps.
The tunnel configuration begins on your premises. Use the information provided by WALLIX and refer to the documentation for your network device to configure a tunnel to WALLIX One PAM. Detailed instructions are available on this page.
If you are using one of the following providers, you can refer to their specific configuration guides:
Once the tunnel is configured on your side, WALLIX will complete the configuration on its side.
Authorize Outgoing Internet Traffic
IMPORTANT
By default, WALLIX One PAM does not allow any outgoing traffic to the Internet.
To integrate WALLIX One PAM with third-party services hosted on the Internet, WALLIX One PAM operators need to explicitly authorize the outgoing traffic to the services in question. For each service to open, you need to provide the following information:
- The service name
- The component which integrates with the service (Bastion or Access Manager)
- The list of destination IP addresses or subnets
- The list of destination ports
- The protocol (TCP or UDP)
INFO
Examples of integrations that may require outgoing Internet traffic to be configured:
- SMTP server
- SIEM
- Identity Provider with OIDC protocol
Use of FQDN in W1PAM
If you want to access external services available on the Internet via their FQDN rather than their public IP address, Bastion must be able to resolve these services. Configuring a DNS server (Google, Cloudflare, etc.) is therefore essential. You can configure it on the System -> Network page, in the DNS field.
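The request fields listed under Authorize Outgoing Internet Traffic, together with the FQDN note above, as an added example that is not WALLIX code: it checks one request for completeness and reports the addresses an FQDN resolves to that the requested destinations do not cover. The field names, the sample request and the DNS answers are constructed, and it assumes outgoing traffic is matched against the requested IP addresses.

```python
import ipaddress

COMPONENTS = {"Bastion", "Access Manager"}   # components named on this page
PROTOCOLS = {"TCP", "UDP"}


def validate_request(req):
    """Return a list of problems found in one outgoing-traffic request."""
    problems = []
    if not req.get("service", "").strip():
        problems.append("missing service name")
    if req.get("component") not in COMPONENTS:
        problems.append("component must be Bastion or Access Manager")
    if str(req.get("protocol", "")).upper() not in PROTOCOLS:
        problems.append("protocol must be TCP or UDP")
    if not req.get("ports"):
        problems.append("no destination ports")
    for port in req.get("ports", []):
        if not (isinstance(port, int) and 1 <= port <= 65535):
            problems.append(f"invalid port: {port!r}")
    if not req.get("destinations"):
        problems.append("no destination addresses")
    for dest in req.get("destinations", []):
        try:
            net = ipaddress.ip_network(dest, strict=True)
        except ValueError as exc:  # bad syntax or host bits set in a subnet
            problems.append(f"invalid destination {dest!r}: {exc}")
            continue
        if net.prefixlen == 0:  # a /0 would undo the default-deny posture
            problems.append(f"{dest} matches every address")
    return problems


def uncovered(resolved, destinations):
    """Addresses an FQDN resolved to that no requested destination covers."""
    nets = [ipaddress.ip_network(d, strict=False) for d in destinations]
    return [a for a in resolved
            if not any(ipaddress.ip_address(a) in n for n in nets)]


# Constructed sample request (documentation address ranges, not real services).
SAMPLE = {"service": "smtp-relay", "component": "Bastion", "protocol": "TCP",
          "ports": [587], "destinations": ["203.0.113.0/28", "198.51.100.25"]}
# Constructed DNS answers for the service's FQDN.
RESOLVED = ["203.0.113.5", "198.51.100.25", "192.0.2.77"]

if __name__ == "__main__":
    print(validate_request(SAMPLE))
    print(uncovered(RESOLVED, SAMPLE["destinations"]))
```

Run `uncovered` again whenever the service's DNS records change, since an address outside the requested destinations would not be reachable under the default-deny rule.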
Validation
Validate that WALLIX One PAM is ready to use by accessing the various interfaces from your corporate network:
NOTE
To complete the deployment phase, WALLIX requests screenshots of the login pages as proof of delivery.