New Advanced Features from Unimus - Network Automation, Config Backup, Change Mgmt Tool
Jun 15, 2025
This video is to continue introducing Unimus's new advanced features:
- The new LDAP authentication support (in addition to RADIUS support)
- The new Object Access Policies
- The new Config Search, Export, and Send functionality
- Unimus Server and Remote Core deployment

Related Post: ✍ https://blog.51sec.org/2022/09/unimus-network-automation-and.html

Related Videos:
🌟 https://youtu.be/7eMDvVQkS-U
🌟 https://youtu.be/4bFziNv_IC0
🌟 https://youtu.be/my5uX99iCB4

💖 Chapters:
0:00 - Introduction
1:06 - Let's Start It - Topology
2:14 - LDAP Integration
7:08 - Tag & Object Access Policy
11:19 - Config Search, Export, and Send
0:00
[Music]
0:13
hello everyone welcome back to my
0:15
channel This is Johnny In my last video
0:19
I introduced this Unimus network
0:23
automation tool configuration backup
0:25
tool and also change management tool So
0:28
I had uh two videos to show you how to
0:31
install it with local deployment also
0:34
with remote free MSSQL database plus some
0:38
features
0:40
In this video I'm going to continue to
0:43
show you some advanced features such
0:47
as authentication
0:48
configuration search export remote core
0:52
deployment for the distribution
0:54
installation
0:56
If we get enough time we'll talk
0:57
about the new object access policies
1:00
compliance reporting and new custom
1:02
backup flows Now let's jump into it
1:10
The topology is same as before we are
1:13
using we have local deployment Unimus
1:17
server on Windows 2019 servers We have a
1:21
domain controller 192.168.2.14 214 which
1:24
we going to integrate it LDAP So we can
1:28
use LDAP users to login We will see how
1:31
that configuration looks like We have
1:33
another network on 192.168.11
1:37
This network we're going to deploy
1:39
remote core into a Linux box which we
1:44
can use to manage remote devices
1:47
You also can see I using Microsoft SQL
1:50
database in the cloud So my Unimus
1:54
server here directly connect to this
1:57
MSSQL database Some other devices here
2:01
on local or on another network which you
2:04
can use as example to how to discover
2:07
those devices how to manage it and
2:11
schedule back up it So that's a basic
2:13
topology
2:19
Previously I already logged in with my
2:22
local admin account So we can do same So
2:26
we're going to integrate with LDAP Then
2:28
we can use LDAP to log in To config LDAP
2:33
you will need to go to settings user
2:35
management LDAP configuration You will
2:38
need to put the into LDAP server address
2:41
which is basic IP address should be
2:44
enough here based on our topology at
2:47
192.168.24
2:57
LDAP access user DN and also LDAP base
3:02
DN which is a little bit tricky to find
3:04
out but I will show you in this video I
3:07
have 192.168.2.14
3:11
running a virtual machine You will need
3:13
to get the active directory users and
3:15
the computers
3:17
This is our domain controller You can go
3:20
to Windows administrative tools
3:23
users and the computers
3:27
Once you have that opened you may want
3:30
to enable advanced features from view
3:33
menu We're going to find out a OU which
3:37
we can use to log into our unimus So I
3:42
have a test OU and the users OU and IT
3:45
OU here I'm going to configure this IT
3:49
OU as the base OU to be able to log to
3:53
Unimus So all users inside of this OU
3:58
will be able to log to Unimus basically
4:01
and admin one will be the one user
4:04
to connect in from unimus to my domain
4:09
controller which has a ability to query
4:13
the users from our domain controller How
4:16
we can get the DN distinguished name since
4:19
we enabled the advanced feature this
4:22
will be simple We will just go to the
4:25
properties for the account
4:28
You go to attribute editor
4:31
Scroll down to
4:34
distinguished name and then copy of
4:38
information This is a DN name
4:40
Distinguished name which we're going
4:43
to use in our unimus configuration
4:48
Of
4:52
course you need a password for it For
4:55
this lab we don't want to use LDAPS yet
4:58
because it's a certificate part which is
5:01
going to need more extra steps to get
5:04
that done For demo purpose we just using
5:07
LDAP
5:09
LDAP base DN is for the user searching
5:13
It is the OU We're going to search the
5:15
user from the OU Let's go back to our
5:18
domain controller That's the IT this OU
5:21
we're going to search the user from here
5:24
Same thing you can get the distinguished
5:27
name
5:31
Copy it out
5:35
We're going to put into here Here is the
5:38
tricky part User identifier So we're
5:40
going to use same account name as the
5:44
user identifier
5:47
After you did all those make sure you
5:49
enable LDAP Then save it You can put the
5:53
LDAP filter here as well For demo
5:56
purpose we just need to keep it empty So
5:59
we can search the whole OU
6:03
After this step done you can choose test
6:06
Test it out For example I'm going to use
6:08
admin one
6:12
here Based on all this testing it works
6:16
After you configure the LDAP then you
6:18
need to add a users
6:21
Go to the top of this page Add one user
6:25
So you need to add users in So I'm going
6:28
to use admin one So you need to keep the
6:31
same name And uh
6:34
don't forget using LDAP authentication
6:36
You don't need to put the password in
6:38
And here is a role you want to put in
6:40
there And of course you can choose
6:44
object access policy We didn't touch
6:46
that part We will change it later on And
6:48
it's okay So we config one Now let's
6:52
test it out
6:55
Put the password in This is our domain
6:58
user password Login
7:02
Perfect We logged in as our admin one
7:05
user using the LDAP account
7:13
LDAP authentication configured simple
7:16
and easy Um since we are talking about
7:18
the user access we may want to try
7:21
object access policies here This also
7:24
can be done from user management list
7:27
page settings Uh as you can see since
7:30
I'm only read user the read permission I
7:34
won't be able to access this page I'm
7:36
going to switch to local admin account
7:38
admin
7:43
I'm going to create a new user called
7:45
admin 2 which also using LDAP account
7:50
but I'm going to give operator access
7:53
object access policy is on the user
7:56
management list page Right now by
7:59
default you have all object the policy
8:03
you have no object policy you can create
8:07
a new one new policy but before we doing
8:10
that we need to tagging it object access
8:13
policy is more flexible if you are using
8:16
tags and tag your device properly so we
8:20
have to do the tagging let's add a
8:22
couple of taggings so for example I add a
8:26
switch as one of the tagging and also
8:29
firewall as one of taggings
8:32
Then we have to tag our devices using
8:35
those tagging
8:37
This is our switch Cisco switch So we
8:40
put tags here
8:43
We gave a tag
8:47
Confirm
8:49
So you see the tagging icon at the end
8:52
of this device
8:54
other two Fortinet and Palo Alto they are
8:58
firewalls So let's do tagging as well
9:02
one by one
9:05
confirm
9:12
After we finish the tagging we can come
9:14
back to the user management page object
9:17
access policies
9:20
So now we can add a switch access policy
9:25
base access or object with tag
9:28
exceptions Let's choose this one
9:32
Access policy created but we need to
9:35
config for it So available tags is switch
9:40
Let's remove
9:42
firewall
9:43
This will be an exception So we only
9:46
have switch here Save
9:50
Same thing We're going to create the
9:51
firewall access policy
10:02
So this is our firewall policy We'll
10:04
keep it here We will remove switch tag
10:08
to the exception Add to exception
10:12
Save
10:14
Please notice here
10:17
there's no account associated with those
10:20
object access policy So we have to
10:23
configure our account to use those
10:25
policy So to do that just select the
10:30
account manage permission
10:33
and you will see object access policy
10:35
right now is all object Let's move to
10:38
switch
10:40
Okay And admin
10:43
we're going to give firewall access
10:48
Perfect Let's log out and take a look
10:53
Let's try admin 2
10:56
B we logged in Let's look at devices
11:00
We only able to see the firewalls
11:03
because based on access policy admin has
11:07
associated with firewall access policy
11:11
and admin one
11:14
will be only able to see switch policy
11:17
Only one switch showing here
11:23
In the new version uh the configuration
11:26
search export and send functionality has
11:28
been enhanced a lot You should be able
11:31
to see the configuration search
11:34
this menu and uh click on it and search
11:37
a bunch of VLANs So you will see all
11:40
configuration After that you can export
11:43
it out by HTML You can download file and
11:46
then you can send the file to email send
11:49
the file to Slack channel Those are very
11:52
helpful feature if you need to download
11:54
it and share with someone or you want to
11:57
open it from different program
12:01
Same thing you can do that from backups
12:03
as well Go to the backup page You will
12:08
find all devices you have backed up You
12:11
can view it You can export it You can
12:14
download file and send file to email
12:17
Once you have that configuration Slack
12:19
channel send it also you need the
12:21
configuration nice functions if you are
12:24
looking for manage your configuration
12:27
better and search your configuration
12:29
better I won't go there since the video
12:32
time is limited I don't want to get the
12:35
video too long I will focus other
12:38
features those are very straightforward
12:40
things you can do
12:46
one last thing I want to cover in this
12:48
video is remote core deployment
12:51
As I presented in the topology we have a
12:55
separate network
12:57
which you were not able to direct to
13:01
manage or discover a device using your
13:05
Unimus deployment You need to have a
13:07
remote core to manage your remote
13:09
network So we're going to deploy that
13:13
I have server installed the Linux on it
13:18
and just need to log in
13:25
Log in as root
13:29
Unimus has a good documentation
13:33
to show you how to install Unimus and
13:37
Unimus core So you will find the unimus
13:40
unimus core and the download page Choose
13:43
unimus core here and you will see Linux
13:45
installers Windows installer or other
13:48
platforms Uh we are using Ubuntu So you
13:51
can direct click on it Oh here's a
13:53
command
13:55
Just throw them into your configuration
13:58
So that's how simple it is
14:02
Just copy paste in and then you can
14:06
start installing They will check all
14:09
dependencies they will do a update for
14:12
you It might take a while but it will
14:14
get you there So while it's working
14:18
there's a one step we need to do We need
14:20
to get the access key from our Unimus
14:24
server How we get that let's go back to
14:26
our Unimus web UI
14:30
It's called zones
14:32
By default you have default zone zero
14:36
which is built in I have all device in
14:38
there But you can add a new zone Let's
14:41
say call it
14:44
remote one
14:46
at my zone name and description You can
14:49
put anything You can put the IP address
14:52
So
14:55
you know which remote zone it is Zone ID
14:59
Since we use the zone zero I'm going to
15:01
start with zone one And the connection
15:05
method There's two ways embedded or
15:08
remote core we are using remote core So
15:10
confirm for that
15:15
So new zone going to be created
15:19
expand it You will see remote core
15:22
access key
15:24
and also you can apply tags and will if
15:27
you have device there you will show the
15:29
device how many device found in there So
15:32
right now let's get the a key here
15:36
since we're going to use it very soon in
15:38
our deployment
15:41
I going to paste my key here
15:44
for next step So it's installing the
15:47
Java right now since they didn't find
15:50
Java version on the local Linux server I
15:54
will pause the video to wait this step
15:57
done since it take a couple minutes
16:07
Perfect Now it's in a stab Unimus
16:10
server address So where is your server
16:13
located basically they're asking what's
16:16
your server IP
16:18
based on our web UI you will see the
16:20
server IP 2.149
16:23
So that's what we need to put in there
16:33
default port 5509
16:36
There's one thing you need to remember
16:38
because by default Windows has firewall
16:40
on it You might need to open firewall
16:44
port or you may need to disable your
16:46
firewall to allow this 5509 port inbound
16:51
coming So basically allow your remote
16:54
core to connect to your Unimus Here is a
16:58
Unimus server access key So let's put in
17:01
here one thing we want to double check
17:05
right now You see core status is offline
17:08
So we should be able to see online once
17:11
we connect to it
17:15
Perfect The core should now be installed
17:18
and starting
17:20
Let's go back to our
17:25
Unimus
17:26
Perfect You see it still online It
17:30
doesn't show the remote core IP because
17:33
NAT
17:35
remote core is using 192.168.11 that IP
17:39
address But when they connect back to
17:41
192.168.2 network they did NAT and they
17:45
change it to this IP That's NAT address
17:49
So I just want to make sure that So now
17:52
you should be able to starting to
17:54
discover device in the remote network as
17:58
we do for a local Here is a network scan
18:04
Add preset
18:07
name 192.168.11
18:12
X
18:16
automatically add it schedule is scan
18:19
schedule at 3:00 a.m Then you need to
18:22
select zones and then select network
18:26
save it
18:30
from now on every day 3:00 a.m and you
18:33
should be able to scan the remote
18:35
network You should be able to
18:38
automatically add your new devices into
18:42
your Unimus for your management So
18:44
that's all for this video I hope you
18:47
like it If you do give me a thumb up and
18:50
subscribe my channel to support me Thank
18:53
you for watching See you in my next one
19:00
I'm
19:01
[Music]
19:04
up my
#Network Monitoring & Management
#Network Security