cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

How can a specifc VS be reached from a SmartCenter with the sk103154 script?

Hi.

We are trying to implement the sk103154:

How to block traffic coming from known malicious IP addresses

We got to send from a SecurePlatform SmartCenter (no MDS) the script to the Gaia firewall VSX 0 but we haven't found the way to send it to another VS under it. If we specify the name of the firewall in SmartDashboard it doesn`t work. The IP of the Gateway Object of those specific VS aren't reacheable for the SmartCenter.

Any ideas?

Thanks.

Tags (4)
0 Kudos
7 Replies
Highlighted
Danny
Pearl

Re: How can a specifc VS be reached from a SmartCenter with the sk103154 script?

Hi, your SmartCenter is still running on SecurePlatform? Time for an upgrade mate.

However, you can't login into a VS directly. So you need to adjust the script to login into the vs0 first and then change to the relevant VS id.

0 Kudos

Re: How can a specifc VS be reached from a SmartCenter with the sk103154 script?

Actually, it's the lab environment: in production we have recent hardware and software versions and probably won't have this issue becouse I hope we'll be able to reach the gateways by their names. But we wanted to test the solution previously there.

I'll study the script, thank you.

0 Kudos

Re: How can a specifc VS be reached from a SmartCenter with the sk103154 script?

By the way... that adjustment in the script should be done also in production environment if it has MDS to VSXs? Or it is just with SmartCenter to VSX?

Thanks.

0 Kudos
Danny
Pearl

Re: How can a specifc VS be reached from a SmartCenter with the sk103154 script?

It's the same in your production environment as you can't login into a VS directly.

0 Kudos

Re: How can a specifc VS be reached from a SmartCenter with the sk103154 script?

So sk103154 script only works in stand-alone environments where management server can reach directly the firewalls, doesn't it?

0 Kudos

Re: How can a specifc VS be reached from a SmartCenter with the sk103154 script?

What type of script are you actually trying to run on the VS? It may help us help you to know what you are trying to achieve, is it the block_IP script from that SK or is it something else?

Maybe you should look at cprid_util, a tool to run commands/scripts from the management server. see SK106490

Regards, Maarten
0 Kudos

Re: How can a specifc VS be reached from a SmartCenter with the sk103154 script?

It's the SK script. We made it work but only connected with the VS 0: we couldn't give the VS X as an argument via the text file where you assign the gateways you want to be covered by it.

0 Kudos