Symantec Privileged Access Management


CA PAM session recording is not working for TCP/UDP services

  • 1.  CA PAM session recording is not working for TCP/UDP services

    Posted Oct 22, 2018 01:01 AM

    Hi Team,

     

    I have created TCP/UDP applications as a local application. I have configured sessions recording for this. But I am not able to record the sessions for these TCP applications. I am able to record the sessions for other RDP application services.

     

    Please provide any solution to record the sessions for TCP/UDP services.

     

    Thanks.



  • 2.  Re: CA PAM session recording is not working for TCP/UDP services

    Broadcom Employee
    Posted Oct 22, 2018 01:09 AM

    Does your "configured sessions recording for this" mean setting the configuration in Policies >> Managed Policies >> (a specific policy) >> Recording tab >> check the check box?

     

    Best regards, Kosei



  • 3.  Re: CA PAM session recording is not working for TCP/UDP services

    Posted Oct 22, 2018 01:15 AM

    Hi,

     

    I have already checked that checkbox. That is working for others like RDP and SSH. But it is not working for any TCP/UDP services only.

     

    Thanks & Regards

    Bhumesh Archalwar

    Locuz Enterprise Solutions Ltd.

    Tel: +9140-4500 4639,Cell : +91 8985707404



  • 4.  Re: CA PAM session recording is not working for TCP/UDP services

    Broadcom Employee
    Posted Oct 22, 2018 09:28 AM

    Hi Bhumesh

    I am very much afraid what you are trying to do can't be done within the present functionality of the product. Please see the following idea, which was opened some months ago (which you are welcome to vote up).

     

    https://communities.ca.com/message/242037771

     

    This follows a case in which a customer was trying to record sessions initiated from a local PuTTY connection and could not. For Web portals, which are also TCP/UDP services, as you know, recording is only possible using the CA PAM browser.

     

    Hope to have helped



  • 5.  Re: CA PAM session recording is not working for TCP/UDP services

    Broadcom Employee
    Posted Oct 22, 2018 11:40 AM

    Hi Bhumesh,

    What kind of application are you trying to record? Can you share the TCP/UDP Service configuration?

     

    As Miquel says, if you are trying to launch a tool like PuTTY and then enter the server IP or FQDN, then this won't be recorded.

     


    Thanks,
    Regards,
    Celeste



  • 6.  Re: CA PAM session recording is not working for TCP/UDP services

    Posted Oct 23, 2018 12:24 AM

    Hi,

     

    Please find the below TCP/UDP service configuration.

     

    Service Name: Vsphere client, as a local service.

     

    TCP/UDP service Path:   "C:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\VpxClient.exe" -s

     

    After this configuration, I am attaching this to the device and creating the policy, but I am not able to record the session for this.

     

    Thanks & Regards

    Bhumesh Archalwar

    Locuz Enterprise Solutions Ltd.

    Tel: +9140-4500 4639,Cell : +91 8985707404



  • 7.  Re: CA PAM session recording is not working for TCP/UDP services

    Broadcom Employee
    Posted Oct 23, 2018 01:39 AM

    Hi Bhumesh

     

    From what I can see, you are using VpxClient, which is a VMware infrastructure client, to connect. As mentioned before, the problem is that this will tunnel through PAM and the product will not be able to track the contents of the traffic. That is why it can't be recorded. As I understand it, it is the same situation as the PuTTY client.

     

    In such cases, other than suggesting an idea to be opened in the communities, even if I am not sure how feasible it would be, the usual workaround we recommend is to configure the service via transparent login or as an RDP service in a jump server, and then enable session recording for accessing that server, therefore indirectly recording the activity.

     

    Hope this has been of use



  • 8.  Re: CA PAM session recording is not working for TCP/UDP services

    Broadcom Employee
    Posted Oct 23, 2018 12:31 PM

    Bhumesh, can you clarify what your setting is for the Application Protocol in the TCP/UDP service? That determines whether the session can be recorded or not. If the protocol is "Disabled", there will be no recording.



  • 9.  Re: CA PAM session recording is not working for TCP/UDP services

    Posted Oct 23, 2018 11:35 PM

    Hi,

     

    I tried with all the protocols like SSH, Telnet, etc. But no use.

     

    Thanks & Regards

    Bhumesh Archalwar

    Locuz Enterprise Solutions Ltd.

    Tel: +9140-4500 4639,Cell : +91 8985707404



  • 10.  Re: CA PAM session recording is not working for TCP/UDP services

    Broadcom Employee
    Posted Oct 23, 2018 11:38 PM

    The protocol is not a free choice. It has to match the type of server you are connecting to, or be set to Disabled if it's not a protocol we have built-in support for.



  • 11.  Re: CA PAM session recording is not working for TCP/UDP services

    Posted Oct 23, 2018 11:42 PM

    Hi,

     

    That is OK. I have tried all the protocols in the PAM tool. No protocol is working. Please tell us which protocol to use for the vSphere client and for MSSQL studio?

     

    Thanks & Regards

    Bhumesh Archalwar

    Locuz Enterprise Solutions Ltd.

    Tel: +9140-4500 4639,Cell : +91 8985707404



  • 12.  Re: CA PAM session recording is not working for TCP/UDP services
    Best Answer

    Broadcom Employee
    Posted Oct 23, 2018 11:52 PM

    Such clients typically are launched on a jump server using RDP connections and transparent login, see https://docops.ca.com/ca-privileged-access-manager/3-2-2/EN/implementing/provision-users-and-devices/provisioning-devices/setting-up-transparent-login/set-up-transparent-login-for-rdp-servers . RDP sessions can be recorded.