Adding firewall Fortigate to CS-MARS 6.1.2

Similar Messages

• Adding a Cisco CSS to MARS

  Has anyone added a Cisco CSS to MARS as a reporting device?
  If so what did you select as your "device type."?
  And did you create custom parsers?

  I have a CSS in MARS but its listed as a generic router. The logs dont get parsed but I have some alerts setup for specific messages.

• Problem with adding IPS 6.x to MARS 6.0.1

  Hello!
  I've recently upgraded our MARS to 6.0.1 and IPS from 5.x to 6.x and after that I have one issue.
  Now I can add a "virtual sensor" to the IPS 6.x device. I have the default vs0 virtual sensor, MARS discovers it with device "addition" and then MARS uses the "myIPS/vs0" as a device when displaying events. The problem is that now I receive "Inactive MARS reporting device" concerning the main sensor (not the vs0). I use this event as part of health-monitoring of my devices, but now I can't definitely say if my IPS is active or not.
  What is the solution?
  Regards, Amir

  You can filter that particular 'reporting device' from the built-in unknown alerting device rule. You can use the not equal to (!=) operator.
  Regards
  Farrukh

• SCOM Management pack for Checkpoint Firewall & Fortigate UTM

  HI ,
  Any body knows that is there Management pack for Checkpoint ( <cite>www.checkpoint.com ) </cite>and
  Fortigate Appliance ( http://www.fortinet.com/products/fortigate/index.html ).
  please advise me.
  Regards, COMDINI

  Hi,
  If you cannot find them in system center marketplace:
  http://systemcenter.pinpoint.microsoft.com/en-US/home
  you can contact the vendors for management pack.
  Alex Zhao
  TechNet Community Support

• Adding a Windows server to Mars

  Does anyone have a document that walks you through attaching to a Windows box from Mars?

  I presume you want to Pull information from the Windows box and not have a Snare Agent push it to MARS.
  The Snare agent is free from:
  http://www.intersectalliance.com/projects/SnareWindows/
  Depending upon how much reading you want to do outside of the Cisco Install and Setup guide, there are plenty of resources available:
  1. From the Cisco Press, Security Threat Mitigation and Response (Understanding CS-MARS) by Dale Tesch
  2. http://ciscomars.blogspot.com/
  3. http://www.demolabs.co.uk/ This has some excellent online demos.
  4. http://groups.google.com/group/cs-mars-ug?hl=en-GB
  This is a User Group with some very good postings.
  Hope this helps.

• Prblem while adding firewall in ciscoworks lms 2.6

  We are not able to add firewall ASA5510 in ciscoworks LMS 2.6.
  SNMP configuration on firewall is as follows
  snmp-server host inside 10.48.2.54 community firewall version 2c
  no snmp-server location
  no snmp-server contact
  snmp-server community ****
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  Please check attached file for ciscoworks configuration, SNMP Walk command output and Firewall "show version" output.

  Now I am able to add firewall but when i am trying to access firewall through Cisco View> Chassis View I am getting following error.
  Message
  Can't find applicable device package for 10.44.100.37.
  Cause
  Device package for this device type is not installed or device support for this device type might not be available or you are attempting to open a component inside a device.
  Action
  Please install a device package for the device type or open the parent device to manage the component.
  When I configured netshow job for "show running-config" and "show tech-support" it ends with following error
  Command(s) failed on the device Insufficient no. of interactive responses(or timeout) for command: show tech-support. Insufficient no. of interactive responses(or timeout) for command: show tech-support.

• Is it possible to add Fortigate 620B to CS-MARS v6.0?

  Hi all,
  I have a firewall Fortigate 620B and I want to add to CS-MARS. The link below to add it to mars:
  http://firewallguru.blogspot.com/2008/09/fortinet-and-cisco-mars-integration.html
  When I completed, it stay standalone, not connect to any networks.
  So anybody show me how can I add and link the Fortigate to my network?
  Tks anyway.

  Neither Bluecoat is supported inherently in MARS, nor I'm aware of any custom parser for it (at least in the public domain).
  Regards
  Farrukh

• Adding IDS-SM to MARS

  Hi All,
  We have two cisco 6513 switches and four IDSSM, two in each switch. I have added the the IDSSM to MARS but i can't find the commands on the IDSSM to allow it to send all the logs to MARS. So, Could you please help me on knowing how to configure IDSSM to send all its logs to MARS?
  Thanks in advance.

  Hi Fredrik,
  There are alot of events on the IDSSM but these events aren't appeared on MARS although IDSSM is successfully discovered by MARS. That's also happened with Cisco NAC appliance which i added it to MARS but there are no incidents for it on MARS.

• Problem when firewall was inserted

  I managed to connect ABC-3550 and XYZ-4507R. Workstations from each network could see each other. But when I added the Firewall (Fortigate-100A) in between ROUTER-A(2600) and ABC-3550. All of sudden I could not connect or ping PC's from ABC network to XYZ network. The firewall is configured as transparent mode with only the management ip (192.168.13.176, SMask 255.255.255.0) and gateway 192.168.13.1. Do you have any idea what is wrong? Hope that you could help me sort it out. Your help is much appreciated.

  Try this link for more information on configuring firewall
  http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_book09186a0080172852.html

• Can't add a new Firewall Rule

  I have a very curious issue: I cannot add any new firewall rules at all! Clicking on the New Button does nothing and on the console I get
  System Preferences[487] * -[NSCFString objectForKey:]: selector not recognized [self = 0x3f11b0]
  I have flushed the firewall with ipfw, deleted the plist file, repaired permissions but the problem ist still there. Any suggestions? (apart from reinstallation)
  Adding Firewall Rules through ipfw works...

  Whenever I use ipfw I lose the ability to use System Preferences. At first I thought that it compared kernel memory with the plist file and if it found a difference, assumed another firewall was running and disabled itself. But I also deleted the plist file (assuming it would build one from kmem) but that didn't work. Right now I assume there's another file somewhere. It wouldn't make any sense to keep another table in kmem. The weird part is that rules can be the same, but different sequence numbers will cause this problem. There weren't sequence numbers in the plist file, so there's probably another file somewhere.
  I think your error is from the missing plist file. A reboot should clear it up.

• Windows 8.1 Firewall + Microsoft Account Logon

  Hi,
  I am a frequent SkyDrive user. With Windows 8.1, the SkyDrive integration has changed. In order to use SkyDrive, I have to register with my Microsoft account at my local machine now. I am actually fine with that design decision of yours.
  But I always used to set the default behavior for outgoing connections in Windows Firewall to "block" and I want to keep it that way because - as a software developer for client/server-apps - I want to be in complete control of which network interface
  emits what data packages.
  Using the tools from Microsoft SysInternals, I was able to reverse engineer the communication process and determine most of the required rules. But there is one firewall rule that I cannot figure out. Currently, I have the following rules:
  General
  Predefined: Core Networking - DNS (UDP-Out)
  Predefined: Core Networking - Dynamic Host Configuration Protocol (DHCP-Out)
  Predefined: Core Networking - Dynamic Host Configuration Protocol for IPv6(DHCPV6-Out)
  Custom: %ProgramFiles% (x86)\Mozilla Firefox\firefox.exe -> Without limitations, for writing this message!
  For SkyDrive:
  Custom: %SystemRoot%\System32\SkyDrive.exe -> Without limitations (for the moment)!
  Custom: %SystemRoot%\FileManager\FileManager.exe -> Without limitations (for the moment)!
  For Microsoft Account Login:
  Custom: %SystemRoot%\System32\AuthHost.exe -> Without limitations (for the moment)!
  Another rule is required for logging into my Microsoft account successfully. But I cannot figure out what it should look like. The SysInternals Process Monitor shows that that SVCHOST (Network Services Instance / HKLM\System\CurrentControlSet\Services\nsi)
  attempts a connect during the Microsoft Account sign-on procedure. However, adding firewall exceptions ("Apply to this Service: ...") for any of the associated services doesn't have any effect. Even creating a rule where "Apply to services only"
  is checked doesn't work.
  However, setting a rule that allows "This program: %SystemRoot%\System32\svchost.exe" to pass the outgoing firewall works fine. How can it be that a program-executable based rule for SVCHOST.EXE works, while a rule for all services ("Apply
  to services only") does not?
  I am completely puzzled by this. Is there a hidden service that cannot be seen - even with having the elevated local Administrator credentials - and that is not automatically included when a firewall rule that has "Apply to services only" checked
  is created? The most minimalistic (working) rule I could find so far is as follows:
  This program: %SystemRoot%\System32\svchost.exe
  Protocol Type: TCP
  Remote IP Addresses: 131.253.61.80
  Other Settings: <default>
  However, this is not a setting I want to keep. It is too common. And I also do not want to reference specific hosts directly by their IPs because these IPs might change in the future. Furthermore, creating a exception rule for SVCHOST.EXE produces lots of
  warning messages in MMC. Apparently, the Windows Firewall thinks that such a rule can have undesired effects on the firewall subsystem that controls the service based filtering.
  I really hope you can help me with this. Thorough online research has shown that other people are also looking for a solution to this problem.
  T3L

  Hi,
  Thanks for posting in Microsoft TechNet forums.
  I need more time for testing this issue. There might be some time delay. Appreciate your patience.
  Regards,
  Kelvin hsu
  TechNet Community Support

• How to get the lost data of a data base table such as MARA

  i have added an include structure to mara table,while activation errors have occured 
  i went to SE14 and selected 'adjust database' push button .
  IN this after being activated the testing data of MATA has 
  been lost.
  What would be the reason?

  Hi ,
  I think in se14 you might have checked the radio button called
  Delete and adjust.
  So this button will delete all the records in the table.
  SO now you need to consult your BASIS people to restore the data.
  How the data will be retained ?  
            i am not sure.
  Regards,
  Venkatesh

• ATV not shown in devices list and firewall port 3689

  Having a nightmare with ATV. I have searched and found some help for some of the ATV problems I have had in other threads but seems that a couple of issues remain unsolved for most people.
  I have just purchased an ATV updated it to latest software; at first had the Samsung TV HDMI problem which can be solved by telling the TV that the connection is a PC (seems to alter settings for that HDMI port on Samsung TVs).
  All was well for 30 mins (kids got stuck in and started watching a film that was on my itunes library) then ATV lost connection to itunes media (still had network and internet for movie trailers). Tried various things reset ATV and quit itunes etc and got the firewall port 3689 error message in itunes.
  Tried a variety of stuff to fix the 3689 issue including: fixing permissions on imac HD; re-installing itunes, adding port forwarding to my BT homehub, telling itunes to share my library, adding firewall rule in OSX for itunes. Then reset and tried again, this time it worked for several hours started to sync etc. Then paused ATV in middle of film and imac went into sleep mode....after this ATV stopped seeing itunes media and imac went into circle of death.
  Since reboot of imac and reset of ATV nothing works; can't see ATV in itunes at all, tried all the normal reboot type stuff.
  Starting to get frustrated ATV seems flakey expected this to be normal apple experience but so far I feel like I do at work in Microsoft **** where nothing makes sense and I'm rebooting all the time ...any ideas ...BT homehub is suspect but seems odd that it worked for hours then stopped !!

  OK - rebooted BThomehub and forced ATV off network and back on and now itunes can see ATV and is syncing again.
  The common failure on both previous occasions was pausing a film for few minutes and imac going into sleep mode on second time.
  Anyone seen this before ... ?

• Update zfields in MARA table

  hi,
  In my client system a custom view is maintained for MM* transactions
  I have added two custom fields in MARA table as well as this custom view.
  Now i have to populate value for this two custom fields.
  i am using "/AFS/BAPI_MATERIAL_SAVEDATA" to update this two fields. But the fields are not updated and the bapi gives the follwoing message "The material cannot be maintained since no maintainable data transferred"
  What are the parameter in which i have to pass values for populating any zfield?
  Currently i am just passing HEADER DATA , EXTENSIONIN and EXTENSIONINX.
  I think i am missing something.
  Please help.

  Some settings may be required as discussed here.
  Update custom fields of MARA using MATERIAL_MAINTAIN_DARK
  Also you can try this BAPI.
  BAPI_MATERIAL_SAVEDATA.

• CS-MARS 4.2.1 support for NM-CIDS

  I'm currently trying to setup a CS-MARS 4.2.1 to monitor my network devices. I have seen in the configuration guide that it supports cisco swithces and ASA IPS modules, what about a router IPS module? (NM-CIDS)
  I'am already added the IPS module to MARS as a standalone IPS 5.x device, tested connectivity and MARS is receiving events from the IPS.
  The problem is that all those events are shown as "unkown device" on the reporting device column.
  Could this behaviour be related with NM-CIDS not being supported by MARS? Any other idea?

  It appears that the NM-CIDS is supported.
  This was in the documentation on CCO:
  http://www.cisco.com/en/US/partner/products/ps6241/products_configuration_example09186a008067a2b0.shtml#wp15514
  If the link doesn't work do a search on
  Configuring Distributed Threat Mitigation in Cisco Security MARS.
  Hardware and Software Requirements
  Static IPS Devices
  Cisco IPS 4200 Series appliances using Cisco IPS Sensor Software v5.1.1 or greater
  Cisco ASA 5500 Series appliances with the Advanced Inspection and Protection module using Cisco ASA Software v5.0 or greater
  Cisco IDSM-2 sensor blades for the Cisco Catalyst 6500 Series using Cisco IPS Sensor Software v5.1.1 or greater
  Cisco NM-CIDS Network Module (with Cisco IPS Sensor Software v5.1.1 or greater) for Cisco 2600XM, 2800, 3700, and 3800 series routers
  Hope this helps.