Once the Virtual Appliance (VA) has been added to the Lumu Portal and imported into a hypervisor it is time to configure the Lumu VA to collect network metadata to illuminate threats, attacks, and adversaries coming from your network.
After starting the virtual machine on your hypervisor, it will perform status checks and prompt if it needs to be activated/initialized.
After logging into the Lumu VA for the first time, you will be prompted to enter the activation code you received when you created your
Virtual Appliance on the Lumu portal:
Once you enter the appliance’s activation code, it will start downloading the latest version of the Virtual Appliance software and perform some pre-configuration tasks.
During its initialization, the appliance will display a network IP configuration screen. This screen will automatically detect the current IP configuration obtained via DHCP (if available).
Fill in the IP configuration using the TAB key to move between fields, and then hit ENTER to apply it. Once applied to the network configuration, you will receive confirmation and a prompt to start the appliance.
The appliance will prompt if you want to configure a proxy. You can add or change this configuration later using the command lumu-appliance set proxy.
In the next step, select the security configuration you want to set for your Appliance. If your environment requires advanced security configuration such as DNSSEC, TLS, or filtering local addresses, select the option “Additional secure configurations”. Otherwise, select “Basic
Lumu VA offers default DNS Settings. You can manage these settings using the command lva-forward-zones (this is a short version for the command lumu-appliance set resolver forward-zones). By default, the primary and secondary DNS Server fields are already populated with public DNS Servers, which is adequate for most small networks. However, if you have local primary and secondary DNS servers, you should specify your DNS servers accordingly.
In the forward zones settings, you will have the option to specify if you plan to use TLS (Transport Layer Security). If you use TLS, you should set the DNS addresses in the following format:
Once you have the appliance configured, the next step is to set your environment to use the Lumu VA as DNS Server and implement Collectors as needed. We have created the following guides:
You can access and manage the Virtual Appliance settings using SSH (Secure Shell). Some commands will require privileges, in which case you will be prompted to enter the sudo credentials.
To obtain the list of available commands and their descriptions, use the following command: