Pix monitoring on Openview

stuart.jones · ‎02-01-2005

Hi

I have an HP Open view box on the inside of my Pix, i have defined the Pix on this box and can manage the inside interface but not the outside.

I think it uses ICMP to confirm if the interfaces are UP, do i need to configure access in the ACL's to allow this box to talk to the outside interface, and then the return packets ?

Thanks

g.rodegari · ‎02-01-2005

Hi,

If I've understood you have the management station in front of the INSIDE interface of the PIX.

I think that frome this zone you can't send ICMP to the OUTSIDE or other not directly connected interfaces.

No with ICMP permit command neither with ACL... because the traffic is not thorugh the PIX but to the PIX...

I apologize... hope this helps.

G.

stuart.jones · ‎02-01-2005

Thanks for the reply

Is there no way then to get ICMP to be permited if it is to the Pix rather than through it ? It would be nice if i could get this monitored on Openview.

Thanks

Stu

g.rodegari · ‎02-01-2005

Hi,

this is my understanding...

I think that you could retrieve the PIX's interfaces status with SNMP get to the inside... instead of "pinging" all the interface.

Bye,

G.

paddyxdoyle · ‎02-01-2005

Hi,

I think Openview needs to ping an interface first before it can do SNMP operations on it.

This results in your PIX object having its inside interface displayed as green on your map, and all the other interfaces displayed as red on your MAP.

(Actually, i guess this depends on which interface your Openview server resides as it will be able to ping the interface that's local to its subnet)

So Openview can't ping the none local interfaces, however if you poll the interface or test them for SNMP you should get a positive return on SNMP (sorry, can't remeber the exact openview terminology at the moment)

HTH

PD