10-26-2010 06:27 AM
Hello,
We have CW with LMS version 2.6.
We have Cisco switches/routers and NOKIA FW
When we run User Tracking, we recieve information from all devices that are not behind the FW.
We cannot get info from devices that are behind the FW
I understand that the problem occurs because the L3 table is managed by the FW.
1. What can we do to be able to use CW(with our current version) on all devices on LAN ?
2. If we upgrade the LMS to a later version, will we be able to use UT on devices behind FW?
3. Is there any other solution to monitor/manage devices behind FW ?
regards'
harel rami
10-26-2010 06:43 AM
To see user devices behind your firewall, UT must have management visibility (be configured to manage those devices, have credentials and be allowed in via the prerequisite ports) into the switches and routers that support them. It correlates information from ARP tables and mac-address tables to compile its database. Several TCP and UDP ports are required for this functionality to work, as documentd in the LMS 2.6 Quick Start Guide. Upgrading LMS will not change this basic tenet.
10-26-2010 07:25 AM
Hellow mr. mklemovitch,
Thanks for the quick response.
Sorry, maybe I did not explain myself well
All the devices on my LAN are configured well on CW and the UT have management visibility
But all our devices that connect to LAN (L2) and the GW is the FW (all L3 tables - ARP). That's way the translate tables from L2 to L3 are on the FW
(our FW is NOKIA). When I using UT the report screen is empty (the device I'm lookin for is not found).
When i asked is ther any way to connect between CW and the FW to transfer the tables between them?
And when i generate report on UT i whant to see my device path.
Best Regards,
Hrael Rami
10-26-2010 10:48 AM
Ah OK - thanks for the clarification. I understand the full scope of your question better.
Unfortunately I don't believe UT will ever be able to get you a full report to include the devices which use the Nokia firewall as their default gateway. It depends on correlating the devices which get both L2 and L3 services from Cisco switches and routers. It does not even do this level of correlation for Cisco firewalls (Pix, FWSM or ASA).
11-04-2010 12:41 AM
Hello mklemovitch
I am very sorry that I returns a reply so late.
I appreciate your assistance, it helped me a lot.
Have a nice day
Rami
11-04-2010 05:56 AM
You're welcome. Please rate posts that you find helpful.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide