11-10-2016 08:31 AM
Hi folks,
I have a new collector that will be deployed isolated from the internet; any file upload will need to support being transferred to an intermediary system. Note that the currently available mechanism of using an https proxy is not deemed sufficiently secure, and an 'air gap' between the collector and any external network is required.
So... is it feasible to change the destination address (on the collector) from 'nettools-upload.cisco.com' to an intermediate system?
Also can we use the credentials that are supplied within the entitlement that is obtained via the SNTC portal?
Thanks,
Graham
11-13-2016 11:07 AM
Hi Graham,
I believe the only proxy mechanism that will work is the one built into the collector software, which is configured through the CSPC admin shell. Would that work for you or is that what you are referring to when you say "https proxy"?
Thanks,
Lynden
11-14-2016 05:33 AM
Hi Lynden,
Working through a proxy (as I do for 8 existing collectors) isn't going to be acceptable to our security team. Therefore we will need to be able to upload the archive to an intermediary system (file server); then it will upload to Cisco.
In order to support this the following aspects will need to be fully understood and implemented if possible:
The first and third points are the ones where we need confirmation that it is feasible.
Rgds,
Graham
11-14-2016 10:50 AM
Graham;
I have a collector completely shut off from the internet. I have to run a collection then log in to the collector and transfer the file to another server that will scan the file and deliver it to a system that does have internet access. From there, I log into my SmartNet portal and do a File Import.
It is possible. If you need better directions, I could go into better detail.
Rich
11-15-2016 09:46 AM
Hi guys,
Yep, I'm aware of the manual option and I use it for the initial uploads; but we will soon have 10s of collectors covering dynamic networks (many device changes each week) and the aim is to automate activities, not create more work ;-)
Now I can easily automate the transfer of the archive to the intermediate system via scp, so it is just the upload to the Cisco back end that needs to be set up, and the only part of this that I'm unsure of is what credentials to use when making that transfer?
Rgds,
Graham
11-17-2016 10:21 AM
Hi Graham,
I don't actually know how you would set up what you're asking for, but the connection between your side and the Cisco back end is authenticated with the SSL certificate (entitlement) that is generated when you are setting up the collector. If you extract that, you might be able to make some use of it.
Thanks,
Lynden
11-14-2016 01:53 PM