nv-l
[Top] [All Lists]

Re: Managing Firewalls

To: nv-l@lists.tivoli.com
Subject: Re: Managing Firewalls
From: Mark Sklenarik <markskl@IBM.NET>
Date: Wed, 21 Jul 1999 22:40:11 -0400
Organization: Tivoli Network Product Integrity
Reply-to: "markskl@ibm.net" <markskl@ibm.net>
Sender: Discussion of IBM NetView and POLYCENTER Manager on NetView <NV-L@UCSBVM.UCSB.EDU>
You could do the following:
Create a user defined symbols (say a software symbol, I would not use the
interface symbol because you would want to know by looking at the symbol if
netview is determining the status, or your script) within the router
interface view for each interface that you want status shown for.  The
selectionname for symbol would be something like 69.1.2.304:MibStatus

Have the script do a snmpget to get status, then send a snmptrap to
netview.

This snmptrap would be used to set the status of the symbols you created.
 This status trap has been document on this form before, and it's in the
Admin Guide also.  The snmptrap would be setting the status of
69.1.2.304:MibStatus.

-----Original Message-----
From:   Brad Martin [SMTP:bmartin@METLIFE.COM]
Sent:   Wednesday, July 21, 1999 3:00 PM
To:     NV-L@UCSBVM.ucsb.edu
Subject:        Managing Firewalls

Does anyone have experience managing Cisco PIX firewalls? By design, Cisco
doesn't allow ICMP pings to the Outside and DMZ interfaces. In addition,
the
SNMP agent doesn't support the IP or AT tables (making discovery nearly
impossible). At present, the firewalls are defined as a generic "Connector"
objects. The non-pingable interfaces were manually added and then
unmanaged.

According to Cisco, the only way to determine that everything is OK is to
send
an snmpget to the inside interface requesting the status MIB's in the
interface
table. I can write the scripts to verify status, but I'm not sure how to
modify
the map icons and keep netmon from changing it back.

Brad Martin
MetLife (212) 578-8884.

<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web