Posted by: manilageek | March 10, 2010

Zenoss and Netscreen global policy training.

My teammate Sherwin Hidalgo conducted a training about Zenoss and Netscreen global policy, during our weekly meeting. He is about to resign and this part of the resignation process.

Zenoss is an open source NMS (Network Management System) We are currently moving to this platform in exchange with our Cisco Works. Cisco’s NMS is just unreliable it just sends a lot fo false positive alarms. We just waisted a lot of man hours setting it up and a lot of money for the licence. 

  1. Search option at the upper right corner of the window. Just put the device hostname and press enter then the device window page will display. Inside the device windows you have 7 tabs (Arrow Down, Status, OS, Hardware, Software, Events and Perf)
    1. Arrow – Inside you can conduct connectivity test from the Zenoss server going to the device like ping and snmpwalk.
    2. Status – you can check device basic information like IP address, MAC address etc.
    3. OS – you check the device interfaces including the sub interfaces. Click the interface to see the interface utilization graph.
    4. Events – you’ll be able to check the alerts generated.
    5. Perf – you will be able to check the cpu and memory utilization.
  2. Location option at the lower left corner of the window. Its one of the option under Browse By. Clicking the option menu you will be able to browse the devices by location groups.

Netscreen global policies will be check last on the policy check of the firewall. The order will be below.

  1. Interzone – If the source and destination zones are different (e.g. trust to untrust).
  2. Intrazone – If the source and destination zones are the same, the security device performs a policy lookup in this policy set list. Traffic will flow from one interface to another within the same zone.
  3. Global – If the security device does not find a match, the device then checks the global policy list.

Global policy should be configured per Vsys. This should be used for policies that are common to the entire Vsys (e.g. Access to mail servers, shared internet access). You should place the “Deny Any Any” at the last portion and remove it from Interzone and Intrazone if not the Global policy will not be check.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Categories

%d bloggers like this: