Cnfiguring and Mnitring Netwrk Elements eg Enterprise v5.6
Restricted Rights Legend The infrmatin cntained in this dcument is cnfidential and subject t change withut ntice. N part f this dcument may be reprduced r disclsed t thers withut the prir permissin f eg Innvatins, Inc. eg Innvatins, Inc. makes n warranty f any kind with regard t the sftware and dcumentatin, including, but nt limited t, the implied warranties f merchantability and fitness fr a particular purpse. Trademarks Micrsft Windws, Windws NT, Windws 2000, Windws 2003 and Windws 2008 are either registered trademarks r trademarks f Micrsft Crpratin in United States and/r ther cuntries. The names f actual cmpanies and prducts mentined herein may be the trademarks f their respective wners. Cpyright 2012 eg Innvatins, Inc. All rights reserved.
Table f Cntents CONFIGURING AND MONITORING CISCO ROUTERS...1 1.1 CONFIGURING A CISCO ROUTER TO WORK WITH THE EG AGENT...1 1.2 ADMINISTERING THE EG MANAGER TO MONITOR THE CISCO ROUTER...1 1.3 MONITORING THE CISCO ROUTERS...3 1.3.1 Trubleshting...4 CONFIGURING AND MONITORING A CISCO CATALYST SWITCH...5 2.1 ADMINISTERING THE EG MANAGER TO MONITOR A CISCO CATALYST SWITCH...5 2.2 MONITORING THE CISCO CATALYST SWITCH...6 CONFIGURING AND MONITORING A CISCO PIX FIREWALL...7 3.1 ADMINISTERING THE EG MANAGER TO MONITOR A CISCO PIX FIREWALL...7 3.2 MONITORING THE CISCO PIX FIREWALL...9 CONFIGURING AND MONITORING THE CISCO VPN CONCENTRATORS...10 4.1 ADMINISTERING THE EG MANAGER TO WORK WITH A CISCO VPN CONCENTRATOR...10 4.2 MONITORING THE CISCO VPN CONCENTRATOR...12 CONFIGURING AND MONITORING NETSCREEN FIREWALLS...13 5.1 ADMINISTERING THE EG MANAGER TO WORK WITH A NETSCREEN FIREWALL...13 5.2 MONITORING THE NETSCREEN FIREWALL...15 CONFIGURING AND MONITORING FORTIGATE FIREWALLS...16 6.1 CONFIGURING FORTIGATE FIREWALL...16 6.2 ADMINISTERING THE EG MANAGER TO WORK WITH A FORTIGATE FIREWALL 3X...17 6.3 MONITORING THE FORTIGATE FIREWALL 3X...19 6.4 ADMINISTERING THE EG MANAGER TO WORK WITH A FORTIGATE FIREWALL...20 6.5 MONITORING THE FORTIGATE FIREWALL...22 CONFIGURING AND MONITORING JUNIPER SA DEVICES...23 7.1 ADMINISTERING THE EG MANAGER TO WORK WITH A JUNIPER SA DEVICE...23 7.2 MONITORING THE JUNIPER SA DEVICE...27 CONFIGURING AND MONITORING JUNIPER DX DEVICES...28 8.1 ADMINISTERING THE EG MANAGER TO WORK WITH A JUNIPER DX DEVICE...28 8.2 MONITORING THE JUNIPER DX DEVICE...30 CONFIGURING AND MONITORING F5 BIG-IP LOAD BALANCERS...31 9.1 ADMINISTERING THE EG MANAGER TO WORK WITH A BIG-IP LOAD BALANCER...31 9.2 MONITORING THE BIG-IP LOAD BALANCER...34 CONFIGURING AND MONITORING 3COM CORE BUILDER SWITCHES...35 10.1 ADMINISTERING THE EG MANAGER TO WORK WITH A 3COM CORE BUILDER SWITCH...35 10.2 MONITORING THE 3COM CORE BUILDER SWITCH...38 CONCLUSION...39
Table f Figures Figure 1.1: Adding a new Cisc Ruter...2 Figure 1.2: List f uncnfigured tests fr the Cisc ruter...2 Figure 1.3: Cnfiguring the Cisc CPU test parameters f the Cisc Ruter...2 Figure 3.1: Cnfiguring the Pix Hardware test...8 Figure 4.1: Adding a Cisc VPN...10 Figure 4.2: Cnfiguring the VPN Fans test...11 Figure 5.1: Cnfiguring the Nsc Attacks test...14 Figure 6.1: Enabling SNMP...16 Figure 6.2: Adding a new Frtigate Firewall 3x cmpnent...17 Figure 6.3: List f Uncnfigured tests fr the Frtigate Firewall 3x cmpnent...18 Figure 6.4: Cnfiguring the Fn Sessins test...18 Figure 6.5: Adding a new Frtigate Firewall cmpnent...20 Figure 6.6: List f Uncnfigured tests fr the Frtigate Firewall cmpnent...20 Figure 6.7: Cnfiguring the Disk Details test...21 Figure 7.1: Adding a Juniper SA device...23 Figure 7.2: A list f uncnfigured tests...24 Figure 7.3: Cnfigure the Ive Service test...25 Figure 7.4: Cnfiguring the TCP Statistics test fr the Juniper SA Device...26 Figure 8.1: Adding a Juniper DX device...28 Figure 8.2: A list f uncnfigured tests...29 Figure 8.3: Cnfigure the Target Server Status test...30 Figure 9.1: Adding a F5 Big-IP Lad Balancer...31 Figure 9.2: A list f uncnfigured tests...32 Figure 9.3: Cnfigure the F5Status test...33 Figure 10.1: Adding a 3COM Cre Builder Switch...35 Figure 10.2: A list f uncnfigured tests...36 Figure 10.3: Cnfiguring the Cre Builder test...38
Cnfiguring and Mnitring Cisc Ruters Chapter 1 Cnfiguring and Mnitring Cisc Ruters This chapter prvides yu with the knw-hw n: Cnfiguring a Cisc Ruter t wrk with the eg agent Administering the eg manager t mnitr the Cisc Ruter Mnitring the Cisc Ruter 1.1 Cnfiguring a Cisc Ruter t wrk with the eg Agent T mnitr a Cisc ruter, an eg agent requires the ruter t be SNMP enabled. SNMP can be enabled in a Cisc ruter using the fllwing cmmand: Ruter(cnfig)# snmp-server cmmunity <cmmunity string> RO 5 In the abve cmmand, <cmmunity string> is the SNMP cmmunity string that is used fr readnly (RO) access. The number 5 refers t the access cntrl list (ACL) identifier. Cisc ruters cntain access cntrl lists that allw the SNMP access t be restricted t specific hsts nly. In such cases, ensure that the eg external agent has SNMP access t the ruter. 1.2 Administering the eg Manager t mnitr the Cisc Ruter T cnfigure a ruter fr mnitring by eg: 1. Lg int the eg administrative interface. 2. If the ruter is already discvered, then directly prceed twards managing it using the COMPONENTS - MANAGE/UNMANAGE page (Infrastructure -> Cmpnents -> Manage/Unmanage). Hwever, if it is yet t be discvered, then run discvery (Infrastructure -> Cmpnents -> Discver) t get it discvered r add the ruter manually using the ADD/MODIFY COMPONENTS page (Infrastructure -> Cmpnents -> Add/Mdify). Remember that cmpnents manually added are managed autmatically. Discvered cmpnents, hwever, are managed using the COMPONENTS - MANAGE/UNMANAGE page. 1
Cnfiguring and Mnitring Cisc Ruters Fr mre details n managing cmpnents, refer t the f Cnfiguring and Mnitring Web Servers dcument. Figure 1.1: Adding a new Cisc Ruter 3. Nw, attempt t sign ut f the admin interface. Ding s will result in the display f Figure 1.2, which lists all the uncnfigured tests f the Cisc Ruter. Figure 1.2: List f uncnfigured tests fr the Cisc ruter 4. Clicking the Cisc CPU test will result in the display f the fllwing page: Figure 1.3: Cnfiguring the Cisc CPU test parameters f the Cisc Ruter 5. Specify the fllwing in Figure 1.3. TEST PERIOD - Hw ften shuld the test be executed HOST The IP address f the Cisc Ruter. 2
Cnfiguring and Mnitring Cisc Ruters SNMPPORT - The prt number thrugh which the Cisc ruter expses its SNMP MIB. The default value is 161. SNMPVERSION By default, the eg agent supprts SNMP versin 1. Accrdingly, the default selectin in the SNMPVERSION list is v1. Hwever, if a different SNMP framewrk is in use in yur envirnment, say SNMP v2 r v3, then select the crrespnding ptin frm this list. SNMPCOMMUNITY The SNMP cmmunity name that the test uses t cmmunicate with the Cisc ruter. This parameter is specific t SNMP v1 and v2 nly. Therefre, if the SNMPVERSION chsen is v3, then this parameter will nt appear. USERNAME This parameter appears nly when v3 is selected as the SNMPVERSION. SNMP versin 3 (SNMPv3) is an extensible SNMP Framewrk which supplements the SNMPv2 Framewrk, by additinally supprting message security, access cntrl, and remte SNMP cnfiguratin capabilities. T extract perfrmance statistics frm the MIB using the highly secure SNMP v3 prtcl, the eg agent has t be cnfigured with the required access privileges in ther wrds, the eg agent shuld cnnect t the MIB using the credentials f a user with access permissins t be MIB. Therefre, specify the name f such a user against the USERNAME parameter. AUTHPASS Specify the passwrd that crrespnds t the abve-mentined USERNAME. This parameter nce again appears nly if the SNMPVERSION selected is v3. CONFIRM PASSWORD Cnfirm the AUTHPASS by retyping it here. AUTHTYPE This parameter t appears nly if v3 is selected as the SNMPVERSION. Frm the AUTHTYPE list bx, chse the authenticatin algrithm using which SNMP v3 cnverts the specified USERNAME and PASSWORD int a 32-bit frmat t ensure security f SNMP transactins. Yu can chse between the fllwing ptins: MD5 Message Digest Algrithm SHA Secure Hash Algrithm ENCRYPTFLAG This flag appears nly when v3 is selected as the SNMPVERSION. By default, the eg agent des nt encrypt SNMP requests. Accrdingly, the ENCRYPTFLAG is set t NO by default. T ensure that SNMP requests sent by the eg agent are encrypted, select the YES ptin. ENCRYPTTYPE If the ENCRYPTFLAG is set t YES, then yu will have t mentin the encryptin type by selecting an ptin frm the ENCRYPTTYPE list. SNMP v3 supprts the fllwing encryptin types: DES Data Encryptin Standard AES Advanced Encryptin Standard ENCRYPTPASSWORD Specify the encryptin passwrd here. CONFIRM PASSWORD Cnfirm the encryptin passwrd by retyping it here. TIMEOUT - Specify the duratin (in secnds) within which the SNMP query executed by this test shuld time ut in the TIMEOUT text bx. The default is 10 secnds. 6. Next, click n the Update buttn in Figure 1.3 and sign ut f the eg administrative interface. 1.3 Mnitring the Cisc Ruters T mnitr the status f the Cisc Ruter, d the fllwing: 3
Cnfiguring and Mnitring Cisc Ruters 1. Lgin as a mnitr / supermnitr user. 2. Click n the Cmpnents ptin in the menu bar, and select the Servers ptin frm the Cmpnents menu. 3. Frm the Cmpnents page, click n the ruter fr which yu wish t view measurements. 4. Other netwrk elements (hubs, switches, etc. that supprt SNMP MIB-II) can als be mnitred in such the same manner as Cisc ruters. 1.3.1 Trubleshting If the Netwrk test is in an UNKNOWN state, check whether the external agent is running. If the Netwrk test is reprting results but the Netwrk Interfaces test is nt, then, verify the fllwing: Is the Netwrk Interfaces test cnfigured via the eg Admin interface? If nt, specify the SNMP read cmmunity string in the eg admin interface. Is the ruter cnfigured t respnd t SNMP queries? Execute the cmmand <EG_HOME_DIR>/bin/snmpwalk <IP f ruter> <cmmunity>. If there is nt reply, it indicates that SNMP has nt been cnfigured prperly. If SNMP is cnfigured fr the ruter, but the eg external agent is nt able t query the ruter, check the ruter s SNMP access cntrl list. The eg external agent s hst must be allwed t query the ruter s SNMP MIB. 1. I am mnitring a Netwrk nde with the Netwrk Interfaces test. I see very ften that the bandwidth utilizatin is being reprted as 100% which is nt crrect. What is the issue? eg Enterprise's Netwrk Interfaces test uses SNMP MIB-II supprt in the netwrk device t mnitr bandwidth int and ut f each netwrk interface. The percentage bandwidth utilizatin is cmputed by finding the speed f the interface (available frm SNMP MIB-II - ifspeed variable) and cmparing the data transmit/receive rates with the interface speed. The mst likely reasn fr why the percentage bandwidth utilizatin is nt being reprted crrectly is that the ifspeed setting fr the ruter interfaces (as reprted by MIB-II) is nt crrect. The speed setting fr each f the ruter interfaces by executing the fllwing cmmand frm an eg agent system: <EG_INSTALL_DIR>\bin\snmpwalk -O nfq 10.1.4.1 <cmmunity>..1.3.6.1.2.1.2.2.1.5 Cisc netwrk devices supprt "bandwidth" interface sub-cmmand that can be used t set the speed n the different netwrk interfaces in such a way that the crrect values are available t the eg agent via SNMP MIB-II. 4
Cnfiguring and Mnitring a Cisc Catalyst Switch Chapter 2 Cnfiguring and Mnitring a Cisc Catalyst Switch This chapter delineates the prcedures invlved in: Administering the eg manager t mnitr a Cisc Catalyst switch Mnitring the Cisc Catalyst switch 2.1 Administering the eg Manager t Mnitr a Cisc Catalyst Switch T administer the eg manager, d the fllwing: 1. Lg int the eg administrative interface. 2. If the switch is already discvered, then directly prceed twards managing it using the COMPONENTS - MANAGE/UNMANAGE page (Infrastructure -> Cmpnents -> Manage/Unmanage). Hwever, if it is yet t be discvered, then run discvery (Infrastructure -> Cmpnents -> Discver) t get it discvered r add the switch manually using the ADD/MODIFY - COMPONENTS page (Infrastructure -> Cmpnents -> Add/Mdify). Remember that cmpnents manually added are managed autmatically. Discvered cmpnents, hwever, are managed using the COMPONENTS - MANAGE/UNMANAGE page. Fr mre details n adding and managing cmpnents, refer t the Cnfiguring and Mnitring Web Servers dcument. 3. When yu attempt t sign ut, a list f uncnfigured tests appears. Click n the Cisc Catalyst Test listing in the page. 4. Cnfigure the Cisc Catalyst test fr the selected switch by prviding the SNMPPORT and SNMPCOMMUNITY. 5. Then, sign ut f the admin interface. 5
Cnfiguring and Mnitring a Cisc Catalyst Switch 2.2 Mnitring the Cisc Catalyst Switch T mnitr the status f the Cisc Catalyst Switch, d the fllwing: 1. Lgin as a mnitr / supermnitr user. 2. Click n the Cmpnents ptin in the menu bar, and select the Servers ptin frm the Cmpnents menu. 3. Frm the Cmpnents page, click n the switch fr which yu wish t view measurements. Other netwrk elements (hubs, etc. that supprt SNMP MIB-II) can als be mnitred in the same manner as Cisc ruters and switches. 6
Cnfiguring and Mnitring a Cisc PIX Firewall Chapter 3 Cnfiguring and Mnitring a Cisc PIX Firewall This chapter delineates the prcedures invlved in: Administering the eg manager t mnitr a Cisc PIX firewall Mnitring the Cisc PIX firewall 3.1 Administering the eg Manager t Mnitr a Cisc PIX Firewall T administer the eg manager, d the fllwing: 1. Lg int the eg administrative interface. 2. If the Cisc PIX firewall is already discvered, then directly prceed twards managing it using the COMPONENTS - MANAGE/UNMANAGE page (Infrastructure -> Cmpnents -> Manage/Unmanage). Hwever, if it is yet t be discvered, then run discvery (Infrastructure-> Cmpnents -> Discver) t get it discvered r add the switch manually using the ADD/MODIFY COMPONENTS page (Infrastructure -> Cmpnents -> Add/Mdify). Remember that cmpnents manually added are managed autmatically. Discvered cmpnents, hwever, are managed using the COMPONENTS - MANAGE/UNMANAGE page. Fr mre details n adding and managing cmpnents, refer t the Cnfiguring and Mnitring Web Servers dcument. 3. When yu attempt t sign ut, a list f uncnfigured tests appears. Click n the NetwrkInterfaces test listing in the page. 4. Then, click n the Update buttn. 5. Attempting t sign ut nw will nce again invke the uncnfigured tests list. Click n the Pix Hardware test t cnfigure it. This test reprts the status f varius hardware units f a Cisc PIX device. 7
Cnfiguring and Mnitring a Cisc PIX Firewall Figure 3.1: Cnfiguring the Pix Hardware test 6. T cnfigure the test using Figure 3.1, specify the fllwing: TEST PERIOD - Hw ften shuld the test be executed HOST The IP address f the Cisc PIX firewall SNMPPORT The SNMP Prt number f the Cisc PIX firewall (161 typically) SNMPVERSION By default, the eg agent supprts SNMP versin 1. Accrdingly, the default selectin in the SNMPVERSION list is v1. Hwever, if a different SNMP framewrk is in use in yur envirnment, say SNMP v2 r v3, then select the crrespnding ptin frm this list. SNMPCOMMUNITY The SNMP cmmunity name that the test uses t cmmunicate with the Lcal Directr. This parameter is specific t SNMP v1 and v2 nly. Therefre, if the SNMPVERSION chsen is v3, then this parameter will nt appear. USERNAME This parameter appears nly when v3 is selected as the SNMPVERSION. SNMP versin 3 (SNMPv3) is an extensible SNMP Framewrk which supplements the SNMPv2 Framewrk, by additinally supprting message security, access cntrl, and remte SNMP cnfiguratin capabilities. T extract perfrmance statistics frm the MIB using the highly secure SNMP v3 prtcl, the eg agent has t be cnfigured with the required access privileges in ther wrds, the eg agent shuld cnnect t the MIB using the credentials f a user with access permissins t be MIB. Therefre, specify the name f such a user against the USERNAME parameter. AUTHPASS Specify the passwrd that crrespnds t the abve mentined USERNAME. This parameter nce again appears nly if the SNMPVERSION selected is v3. CONFIRM PASSWORD Cnfirm the AUTHPASS by retyping it here. AUTHTYPE This parameter t appears nly if v3 is selected as the SNMPVERSION. Frm the AUTHTYPE list bx, chse the authenticatin algrithm using which SNMP v3 cnverts the specified USERNAME and PASSWORD int a 32-bit frmat t ensure security f SNMP transactins. Yu can chse between the fllwing ptins: MD5 Message Digest Algrithm SHA Secure Hash Algrithm ENCRYPTFLAG This flag appears nly when v3 is selected as the SNMPVERSION. 8
Cnfiguring and Mnitring a Cisc PIX Firewall By default, the eg agent des nt encrypt SNMP requests. Accrdingly, the ENCRYPTFLAG is set t NO by default. T ensure that SNMP requests sent by the eg agent are encrypted, select the YES ptin. ENCRYPTTYPE If the ENCRYPTFLAG is set t YES, then yu will have t mentin the encryptin type by selecting an ptin frm the ENCRYPTTYPE list. SNMP v3 supprts the fllwing encryptin types: DES Data Encryptin Standard AES Advanced Encryptin Standard ENCRYPTPASSWORD Specify the encryptin passwrd here. CONFIRM PASSWORD Cnfirm the encryptin passwrd by retyping it here. TIMEOUT The maximum duratin (in secnds) fr which the test will wait fr a respnse frm the Lcal Directr SNMPCOMMUNITY The cmmunity string t be used with the SNMP query t access the Cisc PIX firewall s MIB DETAILED DIAGNOSIS - T make diagnsis mre efficient and accurate, the eg Enterprise system embeds an ptinal detailed diagnstic capability. With this capability, the eg agents can be cnfigured t run detailed, mre elabrate tests as and when specific prblems are detected. T enable the detailed diagnsis capability f this test fr a particular server, chse the On ptin against DETAILED DIAGNOSIS. T disable the capability, click n the Off ptin. The ptin t selectively enable/disable the detailed diagnsis capability will be available nly if the fllwing cnditins are fulfilled: The eg manager license shuld allw the detailed diagnsis capability Bth the nrmal and abnrmal frequencies cnfigured fr the detailed diagnsis measures shuld nt be 0. 7. Update the test cnfiguratin, and then, sign ut f the admin interface. 3.2 Mnitring the Cisc PIX Firewall T mnitr the status f the Cisc PIX firewall, d the fllwing: 1. Lgin as a mnitr / supermnitr user. 2. Click n the Cmpnents ptin in the menu bar, and select the Servers ptin frm the Cmpnents menu. 3. Frm the Cmpnents page, click n the firewall being mnitred. Other netwrk elements (hubs, etc. that supprt SNMP MIB-II) can als be mnitred in the same manner as Cisc ruters and switches. 9
Cnfiguring and Mnitring the Cisc VPN Cncentratrs Chapter 4 Cnfiguring and Mnitring the Cisc VPN Cncentratrs This chapter discusses hw t cnfigure and mnitr a Cisc VPN cncentratr. 4.1 Administering the eg Manager t Wrk with a Cisc VPN Cncentratr T administer the eg manager, d the fllwing: 1. Lg int the eg administrative interface. 2. Since the eg Enterprise suite cannt autmatically discver a Cisc VPN cncentratr, yu need t manually add the cmpnent using the ADD/MODIFY COMPONENTS page (Infrastructure -> Cmpnents -> Add/Mdify) (see Figure 4.1). Remember that cmpnents manually added are managed autmatically. Discvered cmpnents, hwever, are managed using the COMPONENTS - MANAGE/UNMANAGE page. Fr mre details n adding and managing cmpnents, refer t the Cnfiguring and Mnitring Web Servers dcument. Figure 4.1: Adding a Cisc VPN 3. When yu attempt t sign ut, a list f uncnfigured tests appears. Click n the VPN Fans test t cnfigure it. The VPN Fans test mnitrs the individual fans n the cncentratr and reprts whether they are perating nrmally. 10
Cnfiguring and Mnitring the Cisc VPN Cncentratrs Figure 4.2: Cnfiguring the VPN Fans test 4. T cnfigure the test using Figure 4.2, specify the fllwing: TEST PERIOD - Hw ften shuld the test be executed HOST The IP address f the VPN cncentratr SNMPPORT The prt number thrugh which the VPN cncentratr expses its SNMP MIB. The default prt is 161. SNMPVERSION By default, the eg agent supprts SNMP versin 1. Accrdingly, the default selectin in the SNMPVERSION list is v1. Hwever, if a different SNMP framewrk is in use in yur envirnment, say SNMP v2 r v3, then select the crrespnding ptin frm this list. SNMPCOMMUNITY The SNMP cmmunity name that the test uses t cmmunicate with the Lcal Directr. This parameter is specific t SNMP v1 and v2 nly. Therefre, if the SNMPVERSION chsen is v3, then this parameter will nt appear. USERNAME This parameter appears nly when v3 is selected as the SNMPVERSION. SNMP versin 3 (SNMPv3) is an extensible SNMP Framewrk which supplements the SNMPv2 Framewrk, by additinally supprting message security, access cntrl, and remte SNMP cnfiguratin capabilities. T extract perfrmance statistics frm the MIB using the highly secure SNMP v3 prtcl, the eg agent has t be cnfigured with the required access privileges in ther wrds, the eg agent shuld cnnect t the MIB using the credentials f a user with access permissins t be MIB. Therefre, specify the name f such a user against the USERNAME parameter. AUTHPASS Specify the passwrd that crrespnds t the abve-mentined USERNAME. This parameter nce again appears nly if the SNMPVERSION selected is v3. CONFIRM PASSWORD Cnfirm the AUTHPASS by retyping it here. AUTHTYPE This parameter t appears nly if v3 is selected as the SNMPVERSION. Frm the AUTHTYPE list bx, chse the authenticatin algrithm using which SNMP v3 cnverts the specified USERNAME and PASSWORD int a 32-bit frmat t ensure security f SNMP transactins. Yu can chse between the fllwing ptins: MD5 Message Digest Algrithm SHA Secure Hash Algrithm ENCRYPTFLAG This flag appears nly when v3 is selected as the SNMPVERSION. 11
Cnfiguring and Mnitring the Cisc VPN Cncentratrs By default, the eg agent des nt encrypt SNMP requests. Accrdingly, the ENCRYPTFLAG is set t NO by default. T ensure that SNMP requests sent by the eg agent are encrypted, select the YES ptin. ENCRYPTTYPE If the ENCRYPTFLAG is set t YES, then yu will have t mentin the encryptin type by selecting an ptin frm the ENCRYPTTYPE list. SNMP v3 supprts the fllwing encryptin types: DES Data Encryptin Standard AES Advanced Encryptin Standard ENCRYPTPASSWORD Specify the encryptin passwrd here. CONFIRM PASSWORD Cnfirm the encryptin passwrd by retyping it here. TIMEOUT The maximum duratin (in secnds) fr which the test will wait fr a respnse frm the Lcal Directr 5. Update the test cnfiguratin, and then, sign ut f the admin interface. 4.2 Mnitring the Cisc VPN Cncentratr T mnitr the status f the Cisc VPN cncentratr, d the fllwing: 1. Lgin as a mnitr / supermnitr user. 2. Click n the Cmpnents ptin in the menu bar, and select the Servers ptin frm the Cmpnents menu. 3. Frm the Cmpnents page, click n the cncentratr being mnitred t view its measurements. Other netwrk elements (hubs, etc. that supprt SNMP MIB-II) can als be mnitred in the same manner as Cisc ruters and switches. 12
Cnfiguring and Mnitring Netscreen Firewalls Chapter 5 Cnfiguring and Mnitring Netscreen Firewalls This chapter utlines the prcedures invlved in cnfiguring and mnitring Netscreen Firewalls. 5.1 Administering the eg Manager t Wrk with a Netscreen Firewall T administer the eg manager, d the fllwing: 1. Lg int the eg administrative interface. 2. Since the eg Enterprise suite cannt autmatically discver a Netscreen Firewall, yu need t manually add the cmpnent using the ADD/MODIFY COMPONENTS page (Infrastructure -> Cmpnents -> Add/Mdify). Remember that cmpnents manually added are managed autmatically. Discvered cmpnents, hwever, are managed using the COMPONENTS - MANAGE/UNMANAGE page. Fr mre details n adding and managing cmpnents, refer t the Cnfiguring and Mnitring Web Servers dcument. 3. When yu attempt t sign ut, a list f uncnfigured tests appears. Click n the Nsc Attacks test t cnfigure it. This test reprts statistics pertaining t the attack attempts made n the Netscreen Firewall device. 13
Cnfiguring and Mnitring Netscreen Firewalls Figure 5.1: Cnfiguring the Nsc Attacks test 4. T cnfigure the test using Figure 5.1, specify the fllwing: TEST PERIOD - Hw ften shuld the test be executed HOST The IP address f the Netscreen firewall PORT The prt at which the firewall listens SNMPPORT The prt number thrugh which the Netscreen firewall expses its SNMP MIB. The default prt is 161. SNMPCOMMUNITY The cmmunity string f the Netscreen firewall SNMPVERSION By default, the eg agent supprts SNMP versin 1. Accrdingly, the default selectin in the SNMPVERSION list is v1. Hwever, if a different SNMP framewrk is in use in yur envirnment, say SNMP v2 r v3, then select the crrespnding ptin frm this list. SNMPCOMMUNITY The SNMP cmmunity name that the test uses t cmmunicate with the Cisc ruter. This parameter is specific t SNMP v1 and v2 nly. Therefre, if the SNMPVERSION chsen is v3, then this parameter will nt appear. USERNAME This parameter appears nly when v3 is selected as the SNMPVERSION. SNMP versin 3 (SNMPv3) is an extensible SNMP Framewrk which supplements the SNMPv2 Framewrk, by additinally supprting message security, access cntrl, and remte SNMP cnfiguratin capabilities. T extract perfrmance statistics frm the MIB using the highly secure SNMP v3 prtcl, the eg agent has t be cnfigured with the required access privileges in ther wrds, the eg agent shuld cnnect t the MIB using the credentials f a user with access permissins t be MIB. Therefre, specify the name f such a user against the USERNAME parameter. AUTHPASS Specify the passwrd that crrespnds t the abve-mentined USERNAME. This parameter nce again appears nly if the SNMPVERSION selected is v3. CONFIRM PASSWORD Cnfirm the AUTHPASS by retyping it here. AUTHTYPE This parameter t appears nly if v3 is selected as the SNMPVERSION. Frm the AUTHTYPE list bx, chse the authenticatin algrithm using which SNMP v3 cnverts the specified USERNAME and PASSWORD int a 32-bit frmat t ensure security f SNMP transactins. Yu can chse between the fllwing ptins: MD5 Message Digest Algrithm 14
Cnfiguring and Mnitring Netscreen Firewalls SHA Secure Hash Algrithm ENCRYPTFLAG This flag appears nly when v3 is selected as the SNMPVERSION. By default, the eg agent des nt encrypt SNMP requests. Accrdingly, the ENCRYPTFLAG is set t NO by default. T ensure that SNMP requests sent by the eg agent are encrypted, select the YES ptin. ENCRYPTTYPE If the ENCRYPTFLAG is set t YES, then yu will have t mentin the encryptin type by selecting an ptin frm the ENCRYPTTYPE list. SNMP v3 supprts the fllwing encryptin types: DES Data Encryptin Standard AES Advanced Encryptin Standard ENCRYPTPASSWORD Specify the encryptin passwrd here. CONFIRM PASSWORD Cnfirm the encryptin passwrd by retyping it here. TIMEOUT - Specify the duratin (in secnds) within which the SNMP query executed by this test shuld time ut in the TIMEOUT text bx. The default is 10 secnds. 5. Then click n the Update buttn in Figure 5.1 and signut f the administrative interface. 5.2 Mnitring the Netscreen Firewall T mnitr the status f the Netscreen firewall, d the fllwing: 1. Lgin as a mnitr / supermnitr user. 2. Click n the Cmpnents ptin in the menu bar, and select the Servers ptin frm the Cmpnents menu. 3. Frm the Cmpnents page, click n the Netscreen firewall being mnitred. The measurements pertaining t the Netscreen firewall will then appear. 15
Cnfiguring and Mnitring Frtigate Firewalls Chapter 6 Cnfiguring and Mnitring Frtigate Firewalls This chapter discusses in detail the steps invlved in mnitring and cnfiguring Frtigate Firewalls. 6.1 Cnfiguring Frtigate Firewall Like all ther netwrk devices that are managed using SNMP prtcl, eg uses SNMP mnitr FrtiGate Firewall. The fllwing steps utline hw yu can enable SNMP t mnitr FrtiGate Firewall. 1. Fllw the menu sequence: System>Cnfig> SNMP v1/v2c n the firewall. 2. Select the check bx Enable SNMP. Figure 6.1: Enabling SNMP 3. T retrieve infrmatin frm SNMP MIB, ensure that yu specify a Get Cmmunity string, which is a passwrd t identify SNMP get requests sent t the FrtiGate unit. The default get cmmunity string is public. Yu can change the default Get Cmmunity string if need be. 16
Cnfiguring and Mnitring Frtigate Firewalls 4. In the Figure 6.1, click the Apply buttn t save the details. Als, befre the eg agent cnnects t the FrtiGate agent, an administratr must cnfigure ne r mre FrtiGate interfaces t accept SNMP cnnectins. The cnfiguratin depends upn whether the FrtiGate unit is perating in NAT/Rute mde r Transparent mde. In rder t cnfigure SNMP access t an interface in NAT/Rute mde, d the fllwing: Fllw the menu sequence: Systems>Netwrk>Interface. Chse an interface that eg agents cnnect t and select Mdify. Fr Administrative Access, select SNMP. Select OK. In rder t cnfigure SNMP access t an interface in Transparent mde: Fllw the menu sequence: System> Netwrk>Management. Select the interface that the SNMP manager cnnects t and select SNMP. Select Apply. 6.2 Administering the eg Manager t wrk with a Frtigate Firewall 3x T administer the Frtigate Firewall 3x using eg Manager, d the fllwing: 1. Lg int the eg administrative interface. 2. Since the eg Enterprise suite cannt autmatically discver a Frtigate Firewall 3x, yu need t manually add the cmpnent using the ADD/MODIFY COMPONENTS page (Infrastructure-> Cmpnents -> Add/Mdify) as shwn in Figure 6.2. Remember that cmpnents manually added are managed autmatically. Discvered cmpnents, hwever, are managed using the COMPONENTS - MANAGE/UNMANAGE page. Fr mre details n adding and managing cmpnents, refer t the Cnfiguring and Mnitring Web Servers dcument. Figure 6.2: Adding a new Frtigate Firewall 3x cmpnent 3. Nw, when yu attempt t signut f the eg administrative interface, a list f uncnfigured tests as shwn in Figure 6.3 will appear. 17
Cnfiguring and Mnitring Frtigate Firewalls Figure 6.3: List f Uncnfigured tests fr the Frtigate Firewall 3x cmpnent 4. Click n the Fn Sessins test t cnfigure it. Figure 6.4 will then appear. Figure 6.4: Cnfiguring the Fn Sessins test 5. In Figure 6.4, specify the fllwing: TEST PERIOD - Hw ften shuld the test be executed HOST The IP address f the device. PORT Here, specify the prt at which the specified HOST listens. SNMPPORT - The prt number thrugh which the device expses its SNMP MIB. The default value is 161. SNMPVERSION By default, the eg agent supprts SNMP versin 1. Accrdingly, the default selectin in the SNMPVERSION list is v1. Hwever, if a different SNMP framewrk is in use in yur envirnment, say SNMP v2 r v3, then select the crrespnding ptin frm this list. SNMPCOMMUNITY The SNMP cmmunity name that the test uses t cmmunicate with the device. This parameter is specific t SNMP v1 and v2 nly. Therefre, if the SNMPVERSION chsen is v3, then this parameter will nt appear. USERNAME This parameter appears nly when v3 is selected as the SNMPVERSION. SNMP versin 3 (SNMPv3) is an extensible SNMP Framewrk which supplements the SNMPv2 Framewrk, by additinally supprting message security, 18
Cnfiguring and Mnitring Frtigate Firewalls access cntrl, and remte SNMP cnfiguratin capabilities. T extract perfrmance statistics frm the MIB using the highly secure SNMP v3 prtcl, the eg agent has t be cnfigured with the required access privileges in ther wrds, the eg agent shuld cnnect t the MIB using the credentials f a user with access permissins t be MIB. Therefre, specify the name f such a user against the USERNAME parameter. AUTHPASS Specify the passwrd that crrespnds t the abve-mentined USERNAME. This parameter nce again appears nly if the SNMPVERSION selected is v3. CONFIRM PASSWORD Cnfirm the AUTHPASS by retyping it here. AUTHTYPE This parameter t appears nly if v3 is selected as the SNMPVERSION. Frm the AUTHTYPE list bx, chse the authenticatin algrithm using which SNMP v3 cnverts the specified USERNAME and PASSWORD int a 32- bit frmat t ensure security f SNMP transactins. Yu can chse between the fllwing ptins: MD5 Message Digest Algrithm SHA Secure Hash Algrithm ENCRYPTFLAG This flag appears nly when v3 is selected as the SNMPVERSION. By default, the eg agent des nt encrypt SNMP requests. Accrdingly, the ENCRYPTFLAG is set t NO by default. T ensure that SNMP requests sent by the eg agent are encrypted, select the YES ptin. ENCRYPTTYPE If the ENCRYPTFLAG is set t YES, then yu will have t mentin the encryptin type by selecting an ptin frm the ENCRYPTTYPE list. SNMP v3 supprts the fllwing encryptin types: DES Data Encryptin Standard AES Advanced Encryptin Standard ENCRYPTPASSWORD Specify the encryptin passwrd here. CONFIRM PASSWORD Cnfirm the encryptin passwrd by retyping it here. TIMEOUT The maximum duratin (in secnds) fr which the test will wait fr a respnse frm the server. 6. Finally, click the Update buttn in Figure 6.4 and try t signut f the eg administrative interface. Yu will be prmpted t cnfigure the Device Uptime test and the Netwrk Interfaces test. T knw mre abut hw t cnfigure the Device Uptime and Netwrk Interfaces tests, refer t the Mnitring Netwrk Elements dcument. 7. After yu have finished cnfiguring bth the tests, sign ut f the eg administrative interface. 6.3 Mnitring the Frtigate Firewall 3x T mnitr the status f the Frtigate Firewall 3x, d the fllwing: 1. Lgin as a mnitr / supermnitr user. 2. Click n the Cmpnents ptin in the menu bar, and select the Servers ptin frm the Cmpnents menu. 3. Frm the Cmpnents page, click n the Frtigate Firewall 3x being mnitred. The measurements pertaining t the Frtigate Firewall 3x will then appear. 19
Cnfiguring and Mnitring Frtigate Firewalls 6.4 Administering the eg Manager t wrk with a Frtigate Firewall T administer the Frtigate Firewall using eg Manager, d the fllwing: 1. Lg int the eg administrative interface. 2. Since the eg Enterprise suite cannt autmatically discver a Frtigate Firewall, yu need t manually add the cmpnent using the ADD/MODIFY COMPONENTS page (Infrastructure-> Cmpnents -> Add/Mdify) as shwn in Figure 6.5. Remember that cmpnents manually added are managed autmatically. Discvered cmpnents, hwever, are managed using the COMPONENTS - MANAGE/UNMANAGE page. Fr mre details n adding and managing cmpnents, refer t the Cnfiguring and Mnitring Web Servers dcument. Figure 6.5: Adding a new Frtigate Firewall cmpnent 3. Nw, when yu attempt t signut f the eg administrative interface, a list f uncnfigured tests as shwn in Figure 6.6 will appear. Figure 6.6: List f Uncnfigured tests fr the Frtigate Firewall cmpnent 4. Click n the Details test t cnfigure it. Figure 6.7 will then appear. 20
Cnfiguring and Mnitring Frtigate Firewalls Figure 6.7: Cnfiguring the Disk Details test 5. In Figure 6.7, specify the fllwing: TEST PERIOD - Hw ften shuld the test be executed HOST The IP address f the device. PORT Here, specify the prt at which the specified HOST listens. SNMPPORT - The prt number thrugh which the device expses its SNMP MIB. The default value is 161. SNMPVERSION By default, the eg agent supprts SNMP versin 1. Accrdingly, the default selectin in the SNMPVERSION list is v1. Hwever, if a different SNMP framewrk is in use in yur envirnment, say SNMP v2 r v3, then select the crrespnding ptin frm this list. SNMPCOMMUNITY The SNMP cmmunity name that the test uses t cmmunicate with the device. This parameter is specific t SNMP v1 and v2 nly. Therefre, if the SNMPVERSION chsen is v3, then this parameter will nt appear. USERNAME This parameter appears nly when v3 is selected as the SNMPVERSION. SNMP versin 3 (SNMPv3) is an extensible SNMP Framewrk which supplements the SNMPv2 Framewrk, by additinally supprting message security, access cntrl, and remte SNMP cnfiguratin capabilities. T extract perfrmance statistics frm the MIB using the highly secure SNMP v3 prtcl, the eg agent has t be cnfigured with the required access privileges in ther wrds, the eg agent shuld cnnect t the MIB using the credentials f a user with access permissins t be MIB. Therefre, specify the name f such a user against the USERNAME parameter. AUTHPASS Specify the passwrd that crrespnds t the abve-mentined USERNAME. This parameter nce again appears nly if the SNMPVERSION selected is v3. CONFIRM PASSWORD Cnfirm the AUTHPASS by retyping it here. 21
Cnfiguring and Mnitring Frtigate Firewalls AUTHTYPE This parameter t appears nly if v3 is selected as the SNMPVERSION. Frm the AUTHTYPE list bx, chse the authenticatin algrithm using which SNMP v3 cnverts the specified USERNAME and PASSWORD int a 32- bit frmat t ensure security f SNMP transactins. Yu can chse between the fllwing ptins: MD5 Message Digest Algrithm SHA Secure Hash Algrithm ENCRYPTFLAG This flag appears nly when v3 is selected as the SNMPVERSION. By default, the eg agent des nt encrypt SNMP requests. Accrdingly, the ENCRYPTFLAG is set t NO by default. T ensure that SNMP requests sent by the eg agent are encrypted, select the YES ptin. ENCRYPTTYPE If the ENCRYPTFLAG is set t YES, then yu will have t mentin the encryptin type by selecting an ptin frm the ENCRYPTTYPE list. SNMP v3 supprts the fllwing encryptin types: DES Data Encryptin Standard AES Advanced Encryptin Standard ENCRYPTPASSWORD Specify the encryptin passwrd here. CONFIRM PASSWORD Cnfirm the encryptin passwrd by retyping it here. TIMEOUT The maximum duratin (in secnds) fr which the test will wait fr a respnse frm the server. 6. Finally, click the Update buttn in Figure 6.7 and try t signut f the eg administrative interface. Yu will be prmpted t cnfigure the Device Uptime test and the Netwrk Interfaces test. T knw mre abut hw t cnfigure the Device Uptime and Netwrk Interfaces tests, refer t the Mnitring Netwrk Elements dcument. 7. After yu have finished cnfiguring bth the tests, sign ut f the eg administrative interface. 6.5 Mnitring the Frtigate Firewall T mnitr the status f the Frtigate Firewall, d the fllwing: 1. Lgin as a mnitr / supermnitr user. 2. Click n the Cmpnents ptin in the menu bar, and select the Servers ptin frm the Cmpnents menu. 3. Frm the Cmpnents page, click n the Frtigate Firewall being mnitred. The measurements pertaining t the Frtigate Firewall will then appear. 22
Cnfiguring and Mnitring Juniper SA Devices Chapter 7 Cnfiguring and Mnitring Juniper SA Devices This chapter utlines the prcedures invlved in cnfiguring and mnitring Juniper SA Devices. 7.1 Administering the eg Manager t Wrk with a Juniper SA Device T administer the eg manager, d the fllwing: 1. Lg int the eg administrative interface. 2. Since the eg Enterprise suite cannt autmatically discver a Juniper SA device, yu need t manually add the cmpnent using the ADD/MODIFY COMPONENTS page (Infrastructure-> Cmpnents -> Add/Mdify) (see Figure 7.1). Remember that cmpnents manually added are managed autmatically. Discvered cmpnents, hwever, are managed using the COMPONENTS - MANAGE/UNMANAGE page. Fr mre details n adding and managing cmpnents, refer t the Cnfiguring and Mnitring Web Servers dcument. Figure 7.1: Adding a Juniper SA device 23
Cnfiguring and Mnitring Juniper SA Devices 3. When yu attempt t sign ut, a list f uncnfigured tests appears (see Figure 7.2). Figure 7.2: A list f uncnfigured tests 4. Click n the Ive Service test t cnfigure it. The Ive Service test reprts the statistics like user sign-ins and varius hit ratis f the Juniper SA device. T cnfigure the test, prvide the fllwing details in Figure 7.3 that appears: TEST PERIOD - Hw ften shuld the test be executed HOST The hst fr which the test is being cnfigured PORT - The prt at which the device listens. By default, this will be NULL. SNMPPORT - The prt number thrugh which the Juniper SA device expses its SNMP MIB. The default prt is 161. SNMPVERSION By default, the eg agent supprts SNMP versin 1. Accrdingly, the default selectin in the SNMPVERSION list is v1. Hwever, if a different SNMP framewrk is in use in yur envirnment, say SNMP v2 r v3, then select the crrespnding ptin frm this list. SNMPCOMMUNITY The SNMP cmmunity name that the test uses t cmmunicate with the Cisc ruter. This parameter is specific t SNMP v1 and v2 nly. Therefre, if the SNMPVERSION chsen is v3, then this parameter will nt appear. USERNAME This parameter appears nly when v3 is selected as the SNMPVERSION. SNMP versin 3 (SNMPv3) is an extensible SNMP Framewrk which supplements the SNMPv2 Framewrk, by additinally supprting message security, access cntrl, and remte SNMP cnfiguratin capabilities. T extract perfrmance statistics frm the MIB using the highly secure SNMP v3 prtcl, the eg agent has t be cnfigured with the required access privileges in ther wrds, the eg agent shuld cnnect t the MIB using the credentials f a user with access permissins t be MIB. Therefre, specify the name f such a user against the USERNAME parameter. AUTHPASS Specify the passwrd that crrespnds t the abve-mentined USERNAME. This parameter nce again appears nly if the SNMPVERSION selected is v3. CONFIRM PASSWORD Cnfirm the AUTHPASS by retyping it here. AUTHTYPE This parameter t appears nly if v3 is selected as the SNMPVERSION. Frm the AUTHTYPE list bx, chse the authenticatin algrithm using which SNMP v3 cnverts the specified USERNAME and PASSWORD int a 32-bit frmat t ensure security f SNMP transactins. Yu can chse between the fllwing ptins: MD5 Message Digest Algrithm SHA Secure Hash Algrithm 24
Cnfiguring and Mnitring Juniper SA Devices ENCRYPTFLAG This flag appears nly when v3 is selected as the SNMPVERSION. By default, the eg agent des nt encrypt SNMP requests. Accrdingly, the ENCRYPTFLAG is set t NO by default. T ensure that SNMP requests sent by the eg agent are encrypted, select the YES ptin. ENCRYPTTYPE If the ENCRYPTFLAG is set t YES, then yu will have t mentin the encryptin type by selecting an ptin frm the ENCRYPTTYPE list. SNMP v3 supprts the fllwing encryptin types: DES Data Encryptin Standard AES Advanced Encryptin Standard ENCRYPTPASSWORD Specify the encryptin passwrd here. CONFIRM PASSWORD Cnfirm the encryptin passwrd by retyping it here. Figure 7.3: Cnfigure the Ive Service test 5. The next time yu try t sign ut f the admin interface, yu will be prmpted t cnfigure the NetwrkInterfaces test. T cnfigure this test, click n it. Fr mre details n cnfiguring the Netwrk Interfaces test, refer t the Cnfiguring and Mnitring Cisc CSS Servers dcument. 6. Attempting t sign ut nw will nce again invke the uncnfigured tests list. Click n the TCP Statistics test t cnfigure it. The TCP Statistics test measures the incming and utging TCP cnnectins n the IVE system. T cnfigure the test using Figure 7.4, specify the fllwing: TEST PERIOD Hw ften shuld the test be executed HOST - The hst fr which the test is t be cnfigured. SNMPPORT The prt at which the server expses its SNMP MIB. The default is 161. SNMPVERSION By default, the eg agent supprts SNMP versin 1. Accrdingly, the default selectin in the SNMPVERSION list is v1. Hwever, if a different SNMP framewrk is in use in yur envirnment, say SNMP v2 r v3, then select the crrespnding ptin frm this list. SNMPCOMMUNITY The SNMP cmmunity name that the test uses t cmmunicate with the Cisc ruter. This parameter is specific t SNMP v1 and v2 nly. Therefre, if the SNMPVERSION chsen is v3, then this parameter will nt 25
Cnfiguring and Mnitring Juniper SA Devices appear. USERNAME This parameter appears nly when v3 is selected as the SNMPVERSION. SNMP versin 3 (SNMPv3) is an extensible SNMP Framewrk which supplements the SNMPv2 Framewrk, by additinally supprting message security, access cntrl, and remte SNMP cnfiguratin capabilities. T extract perfrmance statistics frm the MIB using the highly secure SNMP v3 prtcl, the eg agent has t be cnfigured with the required access privileges in ther wrds, the eg agent shuld cnnect t the MIB using the credentials f a user with access permissins t be MIB. Therefre, specify the name f such a user against the USERNAME parameter. AUTHPASS Specify the passwrd that crrespnds t the abve-mentined USERNAME. This parameter nce again appears nly if the SNMPVERSION selected is v3. CONFIRM PASSWORD Cnfirm the AUTHPASS by retyping it here. AUTHTYPE This parameter t appears nly if v3 is selected as the SNMPVERSION. Frm the AUTHTYPE list bx, chse the authenticatin algrithm using which SNMP v3 cnverts the specified USERNAME and PASSWORD int a 32-bit frmat t ensure security f SNMP transactins. Yu can chse between the fllwing ptins: MD5 Message Digest Algrithm SHA Secure Hash Algrithm ENCRYPTFLAG This flag appears nly when v3 is selected as the SNMPVERSION. By default, the eg agent des nt encrypt SNMP requests. Accrdingly, the ENCRYPTFLAG is set t NO by default. T ensure that SNMP requests sent by the eg agent are encrypted, select the YES ptin. ENCRYPTTYPE If the ENCRYPTFLAG is set t YES, then yu will have t mentin the encryptin type by selecting an ptin frm the ENCRYPTTYPE list. SNMP v3 supprts the fllwing encryptin types: DES Data Encryptin Standard AES Advanced Encryptin Standard ENCRYPTPASSWORD Specify the encryptin passwrd here. CONFIRM PASSWORD Cnfirm the encryptin passwrd by retyping it here. Figure 7.4: Cnfiguring the TCP Statistics test fr the Juniper SA Device 7. Update the test cnfiguratin as explained fr the Ive Service test, and then, sign ut f 26
Cnfiguring and Mnitring Juniper SA Devices the eg administrative interface. 7.2 Mnitring the Juniper SA Device T mnitr the status f the Juniper SA Device, d the fllwing: 1. Lgin as a mnitr / supermnitr user. 2. Click n the Cmpnents ptin in the menu bar, and select the Servers ptin frm the Cmpnents menu. 3. Frm the Cmpnents page, click n the Juniper SA device being mnitred. The measurements pertaining t the device will then appear. 27
Cnfiguring and Mnitring Juniper DX Devices Chapter 8 Cnfiguring and Mnitring Juniper DX Devices This chapter utlines the prcedures invlved in cnfiguring and mnitring Juniper DX devices. 8.1 Administering the eg Manager t Wrk with a Juniper DX Device T administer the eg manager, d the fllwing: 1. Lg int the eg administrative interface. 2. Since the eg Enterprise suite cannt autmatically discver a Juniper DX device, yu need t manually add the cmpnent using the ADD/MODIFY COMPONENTS page (Infrastructure -> Cmpnents -> Add/Mdify). Remember that cmpnents manually added are managed autmatically. Discvered cmpnents, hwever, are managed using the COMPONENTS - MANAGE/UNMANAGE page. Fr mre details n adding and managing cmpnents, refer t the Cnfiguring and Mnitring Web Servers dcument. Figure 8.1: Adding a Juniper DX device 3. When yu attempt t sign ut, a list f uncnfigured tests appears (see Figure 8.2) 28
Cnfiguring and Mnitring Juniper DX Devices Figure 8.2: A list f uncnfigured tests 4. Click n the Target Server Status test t cnfigure it. This test reprts the status f each f the target servers in the Web cluster accelerated by the Juniper DX device. T cnfigure the test, prvide the fllwing details in Figure 8.3 that appears: TEST PERIOD - Hw ften shuld the test be executed HOST The hst fr which the test is being cnfigured PORT - The prt at which the device listens. By default, this will be NULL. SNMPPORT - The prt number thrugh which the Juniper DX device expses its SNMP MIB. The default prt is 161. SNMPVERSION By default, the eg agent supprts SNMP versin 1. Accrdingly, the default selectin in the SNMPVERSION list is v1. Hwever, if a different SNMP framewrk is in use in yur envirnment, say SNMP v2 r v3, then select the crrespnding ptin frm this list. SNMPCOMMUNITY The SNMP cmmunity name that the test uses t cmmunicate with the Cisc ruter. This parameter is specific t SNMP v1 and v2 nly. Therefre, if the SNMPVERSION chsen is v3, then this parameter will nt appear. USERNAME This parameter appears nly when v3 is selected as the SNMPVERSION. SNMP versin 3 (SNMPv3) is an extensible SNMP Framewrk which supplements the SNMPv2 Framewrk, by additinally supprting message security, access cntrl, and remte SNMP cnfiguratin capabilities. T extract perfrmance statistics frm the MIB using the highly secure SNMP v3 prtcl, the eg agent has t be cnfigured with the required access privileges in ther wrds, the eg agent shuld cnnect t the MIB using the credentials f a user with access permissins t be MIB. Therefre, specify the name f such a user against the USERNAME parameter. AUTHPASS Specify the passwrd that crrespnds t the abve-mentined USERNAME. This parameter nce again appears nly if the SNMPVERSION selected is v3. CONFIRM PASSWORD Cnfirm the AUTHPASS by retyping it here. AUTHTYPE This parameter t appears nly if v3 is selected as the SNMPVERSION. Frm the AUTHTYPE list bx, chse the authenticatin algrithm using which SNMP v3 cnverts the specified USERNAME and PASSWORD int a 32-bit frmat t ensure security f SNMP transactins. Yu can chse between the fllwing ptins: MD5 Message Digest Algrithm SHA Secure Hash Algrithm ENCRYPTFLAG This flag appears nly when v3 is selected as the SNMPVERSION. By default, the eg agent des nt encrypt SNMP requests. Accrdingly, the ENCRYPTFLAG is set t NO by default. T ensure that SNMP requests sent by the eg 29
Cnfiguring and Mnitring Juniper DX Devices agent are encrypted, select the YES ptin. ENCRYPTTYPE If the ENCRYPTFLAG is set t YES, then yu will have t mentin the encryptin type by selecting an ptin frm the ENCRYPTTYPE list. SNMP v3 supprts the fllwing encryptin types: DES Data Encryptin Standard AES Advanced Encryptin Standard ENCRYPTPASSWORD Specify the encryptin passwrd here. CONFIRM PASSWORD Cnfirm the encryptin passwrd by retyping it here SNMPCOMMUNITY The cmmunity string f the Juniper DX device. Figure 8.3: Cnfigure the Target Server Status test 5. The next time yu try t sign ut f the admin interface, yu will be prmpted t cnfigure the Netwrk Interfaces test. T cnfigure this test, click n it. Fr mre details n cnfiguring the Netwrk Interfaces test, refer t the Cnfiguring and Mnitring Cisc CSS Servers dcument. 6. Finally, Update the test cnfiguratin, and sign ut f the eg administrative interface. 8.2 Mnitring the Juniper DX Device T mnitr the status f the Juniper DX Device, d the fllwing: 1. Lgin as a mnitr / supermnitr user. 2. Click n the Cmpnents ptin in the menu bar, and select the Servers ptin frm the Cmpnents menu. 3. Frm the Cmpnents page, click n the Juniper DX device being mnitred. The measurements pertaining t the device will then appear. 30
Cnfiguring and Mnitring F5 Big-IP Lad Balancers Chapter 9 Cnfiguring and Mnitring F5 Big- IP Lad Balancers This chapter utlines the prcedures invlved in cnfiguring and mnitring F5 Big-IP lad balancers. 9.1 Administering the eg Manager t Wrk with a Big- IP Lad Balancer T administer the eg manager, d the fllwing: 1. Lg int the eg administrative interface. 2. Since the eg Enterprise suite cannt autmatically discver a Big-IP lad balancer, yu need t manually add the cmpnent using the ADD/MODIFY COMPONENTS page (Infrastructure -> Cmpnents -> Add/Mdify). Remember that cmpnents manually added are managed autmatically. Discvered cmpnents, hwever, are managed using the COMPONENTS - MANAGE/UNMANAGE page. Fr mre details n adding and managing cmpnents, refer t the Cnfiguring and Mnitring Web Servers dcument. Figure 9.1: Adding a F5 Big-IP Lad Balancer 31
Cnfiguring and Mnitring F5 Big-IP Lad Balancers 3. When yu attempt t sign ut, a list f uncnfigured tests appears (see Figure 9.2). Figure 9.2: A list f uncnfigured tests 4. Click n the F5 Status test t cnfigure it. This test reprts the status f incming and utging traffic thrugh all the virtual servers/addresses that have been cnfigured n the lad balancer. T cnfigure the test, prvide the fllwing details in Figure 9.3 that appears: TEST PERIOD - Hw ften shuld the test be executed HOST The hst fr which the test is being cnfigured SNMPPORT - The prt number thrugh which the lad balancer expses its SNMP MIB. The default prt is 161. SNMPVERSION By default, the eg agent supprts SNMP versin 1. Accrdingly, the default selectin in the SNMPVERSION list is v1. Hwever, if a different SNMP framewrk is in use in yur envirnment, say SNMP v2 r v3, then select the crrespnding ptin frm this list. SNMPCOMMUNITY The SNMP cmmunity name that the test uses t cmmunicate with the Cisc ruter. This parameter is specific t SNMP v1 and v2 nly. Therefre, if the SNMPVERSION chsen is v3, then this parameter will nt appear. USERNAME This parameter appears nly when v3 is selected as the SNMPVERSION. SNMP versin 3 (SNMPv3) is an extensible SNMP Framewrk which supplements the SNMPv2 Framewrk, by additinally supprting message security, access cntrl, and remte SNMP cnfiguratin capabilities. T extract perfrmance statistics frm the MIB using the highly secure SNMP v3 prtcl, the eg agent has t be cnfigured with the required access privileges in ther wrds, the eg agent shuld cnnect t the MIB using the credentials f a user with access permissins t be MIB. Therefre, specify the name f such a user against the USERNAME parameter. AUTHPASS Specify the passwrd that crrespnds t the abve-mentined USERNAME. This parameter nce again appears nly if the SNMPVERSION selected is v3. CONFIRM PASSWORD Cnfirm the AUTHPASS by retyping it here. AUTHTYPE This parameter t appears nly if v3 is selected as the SNMPVERSION. Frm the AUTHTYPE list bx, chse the authenticatin algrithm using which SNMP v3 cnverts the specified USERNAME and PASSWORD int a 32-bit frmat t ensure security f SNMP transactins. Yu can chse between the fllwing ptins: MD5 Message Digest Algrithm SHA Secure Hash Algrithm 32
Cnfiguring and Mnitring F5 Big-IP Lad Balancers ENCRYPTFLAG This flag appears nly when v3 is selected as the SNMPVERSION. By default, the eg agent des nt encrypt SNMP requests. Accrdingly, the ENCRYPTFLAG is set t NO by default. T ensure that SNMP requests sent by the eg agent are encrypted, select the YES ptin. ENCRYPTTYPE If the ENCRYPTFLAG is set t YES, then yu will have t mentin the encryptin type by selecting an ptin frm the ENCRYPTTYPE list. SNMP v3 supprts the fllwing encryptin types: DES Data Encryptin Standard AES Advanced Encryptin Standard ENCRYPTPASSWORD Specify the encryptin passwrd here. CONFIRM PASSWORD Cnfirm the encryptin passwrd by retyping it here. Figure 9.3: Cnfigure the F5Status test 5. The next time yu try t sign ut f the admin interface, yu will be prmpted t cnfigure the NetwrkInterfaces test. T cnfigure this test, click n it. Fr mre details n cnfiguring the Netwrk Interfaces test, refer t the Cnfiguring and Mnitring Cisc CSS Servers dcument. 6. Any subsequent attempt t exit the admin interface will prmpt yu t cnfigure the TCP Statistics test. T cnfigure the test, click n it. Fr mre details n cnfiguring the TCP Statistics test, refer t Sectin 7.1 abve. 7. Finally, Update the test cnfiguratin, and sign ut f the eg administrative interface. 33
Cnfiguring and Mnitring F5 Big-IP Lad Balancers 9.2 Mnitring the Big-IP Lad Balancer T mnitr the status f the F5 Big-Ip Lad Balancer, d the fllwing: 1. Lgin as a mnitr / supermnitr user. 2. Click n the Cmpnents ptin in the menu bar, and select the Servers ptin frm the Cmpnents menu. 3. Frm the Cmpnents page, click n the F5 Big-Ip Lad Balancer being mnitred. The measurements pertaining t the device will then appear. 34
Cnfiguring and Mnitring 3COM Cre Builder Switches Chapter 10 Cnfiguring and Mnitring 3COM Cre Builder Switches This chapter utlines the prcedures invlved in cnfiguring and mnitring 3COM CreBuilder switches. 10.1 Administering the eg Manager t Wrk with a 3COM Cre Builder Switch T administer the eg manager, d the fllwing: 1. Lg int the eg administrative interface. 2. Since the eg Enterprise suite cannt autmatically discver a 3COM Cr Builder switch, yu need t manually add the cmpnent using the ADD/MODIFY COMPONENTS page (Infrastructure-> Cmpnents -> Add/Mdify) (see Figure 10.1). Remember that cmpnents manually added are managed autmatically. Discvered cmpnents, hwever, are managed using the COMPONENTS - MANAGE/UNMANAGE page. Fr mre details n adding and managing cmpnents, refer t the Cnfiguring and Mnitring web Servers dcument. Figure 10.1: Adding a 3COM Cre Builder Switch 3. When yu attempt t sign ut, a list f uncnfigured tests appears (see Figure 10.2). 35
Cnfiguring and Mnitring 3COM Cre Builder Switches Figure 10.2: A list f uncnfigured tests 4. Click n the Cre Builder test t cnfigure it. mnitrs critical metrics relating t each f the netwrk interfaces f a 3COM Cre Builder switch. T cnfigure the test, prvide the fllwing details in Figure 10.3 that appears: TEST PERIOD - Hw ften shuld the test be executed HOST The IP address f the server Ensure that the specified HOST is SNMP-enabled. If nt, the test will nt functin. SNMPPORT - The default SNMP prt is 25 SNMPVERSION By default, the eg agent supprts SNMP versin 1. Accrdingly, the default selectin in the SNMPVERSION list is v1. Hwever, if a different SNMP framewrk is in use in yur envirnment, say SNMP v2 r v3, then select the crrespnding ptin frm this list. SNMPCOMMUNITY The SNMP cmmunity name that the test uses t cmmunicate with the Cisc ruter. This parameter is specific t SNMP v1 and v2 nly. Therefre, if the SNMPVERSION chsen is v3, then this parameter will nt appear. USERNAME This parameter appears nly when v3 is selected as the SNMPVERSION. SNMP versin 3 (SNMPv3) is an extensible SNMP Framewrk which supplements the SNMPv2 Framewrk, by additinally supprting message security, access cntrl, and remte SNMP cnfiguratin capabilities. T extract perfrmance statistics frm the MIB using the highly secure SNMP v3 prtcl, the eg agent has t be cnfigured with the required access privileges in ther wrds, the eg agent shuld cnnect t the MIB using the credentials f a user with access permissins t be MIB. Therefre, specify the name f such a user against the USERNAME parameter. AUTHPASS Specify the passwrd that crrespnds t the abve-mentined USERNAME. This parameter nce again appears nly if the SNMPVERSION selected is v3. CONFIRM PASSWORD Cnfirm the AUTHPASS by retyping it here. AUTHTYPE This parameter t appears nly if v3 is selected as the SNMPVERSION. Frm the AUTHTYPE list bx, chse the authenticatin algrithm using which SNMP v3 cnverts the specified USERNAME and PASSWORD int a 32-bit frmat t ensure security f SNMP transactins. Yu can chse between the fllwing ptins: MD5 Message Digest Algrithm SHA Secure Hash Algrithm ENCRYPTFLAG This flag appears nly when v3 is selected as the SNMPVERSION. By default, the eg agent des nt encrypt SNMP requests. Accrdingly, the ENCRYPTFLAG is set t NO by default. T ensure that SNMP requests sent by the eg agent are encrypted, select the YES ptin. 36
Cnfiguring and Mnitring 3COM Cre Builder Switches ENCRYPTTYPE If the ENCRYPTFLAG is set t YES, then yu will have t mentin the encryptin type by selecting an ptin frm the ENCRYPTTYPE list. SNMP v3 supprts the fllwing encryptin types: DES Data Encryptin Standard AES Advanced Encryptin Standard ENCRYPTPASSWORD Specify the encryptin passwrd here. CONFIRM PASSWORD Cnfirm the encryptin passwrd by retyping it here. ONLYUP If the ONLYUP flag is set t Yes, then nly the netwrk interfaces that are peratinal - i.e. whse MIB-II perstatus variable has a value "up" - are mnitred. If this flag is set t N, all netwrk interfaces that have an adminstatus f "up" will be mnitred. FULLDUPLEX - If this value is Yes, then it indicates that all interfaces are full duplex. In this case, the eg Enterprise system will cmpute bandwidth usage % t be, max(input bandwidth, utput bandwidth)*100/ttal speed. On the ther hand, if this flag is set t N, then the cmputatin f bandwidth usage % will be (input bandwidth + utput bandwidth)*100/ttal speed. TIMEOUT - The maximum duratin (in secnds) fr which the test will wait fr a respnse frm the netwrk interface. DISCOVERBYSTATE This flag cntrls hw the test discvers netwrk interfaces. If this flag is N, the peratinal state f an interface is nt cnsidered when discvering all the netwrk interfaces f a ruter/switch/netwrk device. If this flag is Yes (which is the default setting), nly interfaces that have been in the up peratinal state will be cnsidered fr mnitring. In this mde, if an interface is dwn all f the time, it will nt be cnsidered fr mnitring. Hwever, nce the interface starts t functin, it will be tracked by the test and alerts generated if the interface state ever changes t dwn. USEALIAS - Cisc and many netwrk devices allw administratrs t set the names fr switch/ruter prts. These names can be set t lgical, easily understandable values. Prt names can be set in Cisc devices using the cmmand "set prt name". Fr example set prt name 3/24 Federal_credit_unin_link. This cmmand indicates that the prt 3/24 is used t supprt the Federal Credit Unin. If the USEALIAS parameter is set t Yes, the agent will try t lk at the prt name (frm the ifalias SNMP OID) and use the prt name if specified as the descriptr fr the test results. If USEALIAS is set t N, r if n prt name/alias is specified in the netwrk device setting, the interface descriptin fr each prt prvided in the SNMP MIB-II utput is used instead as the descriptr fr the test results. 37
Cnfiguring and Mnitring 3COM Cre Builder Switches Figure 10.3: Cnfiguring the Cre Builder test 5. Finally, Update the test cnfiguratin, and sign ut f the eg administrative interface. 10.2 Mnitring the 3COM Cre Builder Switch T mnitr the status f the 3COM Cre Builder switch, d the fllwing: 1. Lgin as a mnitr / supermnitr user. 2. Click n the Cmpnents ptin in the menu bar, and select the Servers ptin frm the Cmpnents menu. 3. Frm the Cmpnents page, click n the 3COM Cre Builder switch being mnitred. The measurements pertaining t the 3COM Cre Builder switch will then appear. 38
Cnclusin Chapter 11 Cnclusin This dcument has described in detail the steps fr cnfiguring and mnitring the Netwrk Elements. Fr details f hw t administer and use the eg Enterprise suite f prducts, refer t the user manuals. We will be adding new measurement capabilities int the future versins f the eg Enterprise suite. If yu can identify new capabilities that yu wuld like us t incrprate in the eg Enterprise suite f prducts, please cntact supprt@eginnvatins.cm. We lk frward t yur supprt and cperatin. Any feedback regarding this manual r any ther aspects f the eg Enterprise suite can be frwarded t feedback@eginnvatins.cm. 39