I've encountered something odd in R80.10 that seems different from R77.30 functionality. Not sure if this is a bug, or just a change in process that I was unaware of.
In R77.30 management, we would create "Gateway" objects for Cisco Routers. This would allow us to supply SNMP information to pull back the router's topology. This feature was important as it allowed us to accept TACACS from multiple interfaces on the router without having to create individual objects for each interface.
This is an object that was upgraded from R77.30 to R80.10... These objects got moved to the Interoperable Devices category of nodes. However, when you edit the object, it shows as a Gateway Node. Regardless, when you look at the properties, there is a sub-menu for "Other". This is where you can supply the SNMP community strings.
When I try to create a new Interoperable Device, there is no "Other" menu to supply SNMP credentials. There is a "Get" button on the Topology menu, but it cannot retrieve the topology without the SNMP community strings.
If anyone has any insights on this, please let me know!
Thanks,
Dan
Is it possible that the device should be listed as OSE:
OSE Device Properties — General
What I can do here?
In this window you can define the general settings of the OSE Device: Name and IP address.
What background information do I need to know?
An Open Security Extension (OSE) Device is a 3rd party enforcement point which represents the router and influences and enforces its security settings. The Security Management server generates Access Lists from the Policy and downloads them to the appropriate device. This Access list represents a very basic security policy which is then enforced on the router. When configuring the OSE Device the user is actually defining the settings for the Access List.
When working with an OSE Device object, the rule base should not contain one of the following. If one of the following is included in the rule base Security Management will fail to generate Access Lists from the rules.
Is it possible that the device should be listed as OSE:
OSE Device Properties — General
What I can do here?
In this window you can define the general settings of the OSE Device: Name and IP address.
What background information do I need to know?
An Open Security Extension (OSE) Device is a 3rd party enforcement point which represents the router and influences and enforces its security settings. The Security Management server generates Access Lists from the Policy and downloads them to the appropriate device. This Access list represents a very basic security policy which is then enforced on the router. When configuring the OSE Device the user is actually defining the settings for the Access List.
When working with an OSE Device object, the rule base should not contain one of the following. If one of the following is included in the rule base Security Management will fail to generate Access Lists from the rules.
| User | Count |
|---|---|
| 14 | |
| 10 | |
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 2 |
Fri 10 Jan 2025 @ 10:00 AM (CET)
CheckMates Live Netherlands - Sessie 32: Infinity External Risk Management (CyberInt)Fri 10 Jan 2025 @ 10:00 AM (CET)
CheckMates Live Netherlands - Sessie 32: Infinity External Risk Management (CyberInt)
