Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
953
Views
0
Helpful
5
Replies

Ciscoworks behind FW

harel.rami
Level 1
Level 1

‎10-26-2010 06:27 AM

Hello,

We have CW with LMS version 2.6.

We have Cisco switches/routers and NOKIA FW

When we run User Tracking, we recieve information from all devices that are not behind the FW.

We cannot get info from devices that are behind the FW

I understand that the problem occurs because the L3 table is managed by the FW.

1. What can we do to be able to use CW(with our current version) on all devices on LAN ?

2. If we upgrade the LMS to a later version, will we be able to use UT on devices behind FW?

3. Is there any other solution to monitor/manage devices behind FW ?

regards'

harel rami

Labels:
0 Helpful
5 Replies 5

Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-26-2010 06:43 AM

To see user devices behind your firewall, UT must have management visibility (be configured to manage those devices, have credentials and be allowed in via the prerequisite ports) into the switches and routers that support them. It correlates information from ARP tables and mac-address tables to compile its database. Several TCP and UDP ports are required for this functionality to work, as documentd in the LMS 2.6 Quick Start Guide. Upgrading LMS will not change this basic tenet.

0 Helpful

harel.rami
Level 1
Level 1
In response to Marvin Rhoads

‎10-26-2010 07:25 AM

Hellow mr. mklemovitch,

Thanks for the quick response.

Sorry, maybe I did not explain myself well

All the devices on my LAN are configured well on CW and the UT have management visibility

But all our devices that connect to LAN (L2) and the GW is the FW (all L3 tables - ARP). That's way the translate tables from L2 to L3 are on the FW

(our FW is NOKIA). When I using UT the report screen is empty (the device I'm lookin for is not found).

When i asked is ther any way to connect between CW and the FW to transfer the tables between them?

And when i generate report on UT i whant to see my device path.

Best Regards,

Hrael Rami

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to harel.rami

‎10-26-2010 10:48 AM

Ah OK - thanks for the clarification. I understand the full scope of your question better.

Unfortunately I don't believe UT will ever be able to get you a full report to include the devices which use the Nokia firewall as their default gateway. It depends on correlating the devices which get both L2 and L3 services from Cisco switches and routers. It does not even do this level of correlation for Cisco firewalls (Pix, FWSM or ASA).

0 Helpful

harel.rami
Level 1
Level 1
In response to Marvin Rhoads

‎11-04-2010 12:41 AM

Hello mklemovitch

I am very sorry that I returns a reply so late.

I appreciate your assistance, it helped me a lot.

Have a nice day

Rami

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to harel.rami

‎11-04-2010 05:56 AM

You're welcome. Please rate posts that you find helpful.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents