firewall switch discovery issues

craigsnowadmin2
Kilo Guru

‎04-27-2018 12:58 PM

while trying to discover switch and firewall discovery running into connectivity issues. is there any firewall rules /ports to be open from mid server to reach ip networks or subnets? how do we find this is ACL or firewall issue . are there any snmp testing tools ,commands for connectivity and credentials to remote devices  and debugging purposes

Labels:
0 Helpfuls
  • 2,161 Views
5 REPLIES 5

arielgritti
Mega Sage

‎04-27-2018 01:21 PM

Hello

Check-out this:

  1. SNMP credentials for the switch and firewall
  2. SSH credentials (if apply) for the switch and firewall
  3. Test credentials against the switch and firewall IP
  4. Ping from midserver to the firewall and switch IP
  5. Telnet form midserver to the SSH port (if apply) of the firewall and switch if telnet is permitted
  6. SNMPwalk is a tool to check SNMP MIBs
    1. http://net-snmp.sourceforge.net/docs/man/snmpwalk.html

I hope my answer has been useful

Ariel

PS: Please mark my answer correct or helpful if I have helped you. Thanks

Community Alums
Not applicable

‎04-27-2018 08:26 PM

What is the error coming up while running discovery? Also, discovery issue is for all network switches/firewall or specific ones?

 

Stops at shazzam (check active/alive status to confirm)? 

--> SNMP type credentials are usually sufficient to perform network device discovery. Also these days organizations allow only specific IP address to perform snmp polls. Additionally check with your network/firewall team to see if they have such restrictions. If yes, they might have to add all mid server IP's to each network device in order to perform snmp poll.

 

Classification Issues?

-->MIB files might be missing.

-->Verify if OID of the device is present under snmp OID. If not, do add one based on model of the device.

 

hannu
Giga Contributor

‎04-28-2018 05:11 AM

can you put the screenshot of ecc queue and discovery logs for better understanding of the issue you are facing.

0 Helpfuls

Harshanath
Kilo Explorer

‎02-16-2020 04:23 PM

I have same issue , I got this problem with Cisco ASA firewall, I could able to discover cisco switches and routers , but not ASA firewall , initially ASA did not configure with snmp-server host ...command specifying MID server ip so I could not able to successful when i did snmp  credential check . but after the above configurations i could able to success on snmp credential check . but when i did snmp discovery it was failed . as my knowlage i am thinking , in my service now i have 4,5 snmp credential so mid server first try with all the credential and find matched one , I think ASA may be reject before mentioned behavior and reject entire host .

Please anyone know soultion let me know

0 Helpfuls