
RE: [nv-l] VPN & Firewall Pb

To: nv-l@lists.tivoli.com
Subject: RE: [nv-l] VPN & Firewall Pb
From: "Barr, Scott" <Scott_Barr@csgsystems.com>
Date: Thu, 7 Mar 2002 13:24:26 -0600

Can you use SNMP management for this firewall rather than pings?

The problem is you cannot exclude a range of IP addresses from discovery if
you have explicitly said you want to manage a device in that subnet.

You specify in your seed file that you want to manage this VPN box - you
CANNOT negate a range of addresses on that specific device. Your seed file
will never exclude these addresses.

However, if you use SNMP management of this device - you will not ping the
interfaces, you will merely ask the VPN box for SNMP status on all his
interfaces. I think that should be the approach you take.

To enable SNMP management obviously you have a firewall concern to address -
but just put a "$" in the seedfile in front of the nodename you want to SNMP
manage, delete it and rediscover.

-----Original Message-----
From: Maxime TRANNOY [mailto:MTRANNOY@fr.ibm.com]
Sent: Thursday, March 07, 2002 12:44 PM
To: nv-l@lists.tivoli.com
Subject: [nv-l] VPN & Firewall Pb



NetView 6.0.0
AIX 4.3.3

Hello,

We monitor a Check Point Firewall on Solaris with NetView.
Everything was OK, but since we implemented a range of IP addresses for
Nomad VPN the netmon daemon has started going crazy.
It starts a ping storm to all IP addresses in the range (although this
range of IP addresses was set to no discover in the seed file with
"!").

!a.x.240.*

The Firewall was overloaded and could not handle so many pings.
We have deleted the Firewall object and then tried to rediscover it under
NetView without the VPN IP address range restriction in the seed file, but
the ping storm is still there and the IP addresses are not recognized by
NetView (no interfaces in the topology databases or in the object databases).

The strangest thing is that when I ask for a demand poll I can see the IP
addresses of the whole range, with the answer:

16:46:56   Interface a.x.240.51 (down since 03/06/02 18:31:15)
16:46:56   Interface a.x.240.50 (down since 03/06/02 18:31:15)
16:46:58     ping timed out
16:46:58     ping timed out


Does someone know how to stop this ping storm, or how to tell NetView not to
discover the Firewall's interfaces with these IP addresses?

Kind regards/Cordialement.

Maxime TRANNOY
IGS - Network Delivery Support Center
Tel : +33 (0) 492 114 767
mailto:mtrannoy@fr.ibm.com





Archive operated by Skills 1st Ltd
