cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
384
Views
4
Helpful
5
Replies

MARS mitigation: can not push to pix

s.buskus
Level 1
Level 1

I just installed MARS 4.1 to monitor IDS (4.0), PIX (6.3.3) and several internal switches. Everything seems ok but the mitigation. It appears if the mitigation suggestion is a switch, the PUSH botton is activated, but if the PIX is the suggested solution, the PUSH button is not activated.

The PIX is configured with SSH. I verified the passwords and snmp string. Still same problem. Anyone have any ideas?

Thanks,

5 Replies 5

mchin345
Level 6
Level 6

sure that all the L2 devices have the SNMP RO community strings specified in the HTML interface for L2 mitigation, even if the access type is not SNMP. (See Mitigation, page 18-6 for more information on mitigating an attack.)

The SNMP RO community string is always required on Layer 2 devices for L2 mitigation. L2 devices must be added manuallythere is no automatic discovery for these device.

CS-MARS does not discover L2 devices automatically as it does with L3 devices.

PIX would be a L3 device. I am having the same problem. Bump.

Too bad Mars does not push to L3 devices. I hear they are plaaning to put it into future releases.

So even though it offers the shun command it will not push to the PIX? That doesn't sound right - did you talk with TAC on this? TIA.

Yes, I had a TAC case. It is also in the documentation. I didn't see the fine print. Mars will only push to L2 not L3.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: