Recent posts

#71
Security / Re: NAC VDI inspection issues
Last post by config t - June 20, 2024, 05:40:01 PM
I'm moving current customer to that state. Although the latest best practice I read for Linux recommended SSH keys.

Btw used that analogy today and the previous lead got a kick out of it. I'm going to start doing that in meetings.

Is there a way to tune that behavior? There has to be a configuration file somewhere buried in the directory where the retries are set.
#72
Security / Re: NAC VDI inspection issues
Last post by deanwebb - June 19, 2024, 07:44:58 AM
I know customers that are 100% agent and 0% agentless because they don't want *any* extra accounts knocking on doors, an architecture I can respect.
#73
Security / Re: NAC VDI inspection issues
Last post by config t - June 18, 2024, 03:48:13 PM
I'm stealing that analogy.

We pushed the agent to a few test machines  :smug:

So far it looks promising and gives me ammo for moving it to production quickly.
#74
Security / Re: NAC VDI inspection issues
Last post by deanwebb - June 16, 2024, 08:28:02 AM
Yes, Forescout will hammer with retries. Like a golden retriever going at Venetian blinds after you step out to get the mail because he is the bestest boy and KNOWS that if he keeps tearing down the blinds (and the furniture next), you eventually WILL come back through the door.

This is why I like the agent better.  :smug:
#75
Routing and Switching / Re: Switches incorrectly loadi...
Last post by deanwebb - June 16, 2024, 08:24:27 AM
We're hitting a similar issue in one of my agency customers and it looks like getting SNMP group and view names to lowercase is the way to resolve it.
#76
Security / NAC VDI inspection issues
Last post by config t - June 15, 2024, 04:26:32 PM
This is mostly just a rant to see if anyone has any ideas.

Our HBSS team has a trap set up to capture remote system login and it turns out our NAC solution is generating 1000+ logs on some hosts on a daily basis. I had them send me an example and it's what I would expect to see: VBS scripts and SMB calls from NAC, but a huge amount. It actually crashed their database server over a weekend.

Forescout inspects hosts on admission and whenever the policy recheck timers expire (usually 8 hours). There are exceptions to that which can be created through policy but I am not currently running anything like that. Just discovery and interrogation and a few auto-remediation actions.

I suspect an issue with the vSphere integration or the VDI hosts themselves. When I look at the live host logs for the host entry I see a crazy amount of "host online" entries and noticed they are very slow to resolve LDAP info and populate host attributes in general.

In my mind NAC may be attempting to inspect but failing so just hammering it with retries.
#77
Routing and Switching / Re: Switches incorrectly loadi...
Last post by config t - June 15, 2024, 04:11:15 PM
Haven't had a chance to test it yet. NETOPS is done with upgrades for now so not a lot of switch reboots to replicate the issue.

We are thinking about implementing the call home post-boot script (or whatever it's called)... and just calling it a day.
#78
Information/Announcements / Re: OUTAGE REPORTS
Last post by deanwebb - June 09, 2024, 08:23:13 AM
Had a wee tiny outage yesterday when the host introduced an error in the Apache configuration. It's now corrected and back up.
#79
Forum Lobby / Re: Cisco Live 2024
Last post by deanwebb - June 07, 2024, 02:28:16 PM
I'd listen to a keynote speaker if the speaker was someone that would normally do a session. :smug:

Tom Brady: I'm already as motivated as I can be from what I know of him and avocado ice cream. I'm good to go, there.
#80
Routing and Switching / Re: Switches incorrectly loadi...
Last post by Otanx - June 07, 2024, 11:15:24 AM
That would be a crazy bug. I try to always do all caps for stuff because it helps stand out in the config as an admin-assigned name instead of a keyword, or config. At my old gig we did use lowercase for our SNMP stuff, but I don't remember why we did it. I wonder if we had a similar issue, but I don't remember it.

Thanks,
-Otanx