I am trying to configure our CSPM, but I've come across a little problem.
Our external router has an interface with a primary and secondary IP. The second IP has a split route tied to it leading to two gateways. When we do the topology wizard it picks up that the interface has two IPs, but will only allow us to enter the primary because the second IP is not in the same subnet as the primary. We've also tried to build the two networks off of two internet interfaces, but this still does not seem to work.
Are you using CSPM for IDS management or for Firewall/Router management?
If you are using CSPM for IDS management, then you don't have to worry too much about the topology. The topology just allows for nice grouping in the window, but the only configuration that it can affect is if NAT is being used between CSPM and the sensor (i.e. one of the 2 addresses is being translated in that connection). If NAT is not being used then the topology has no effect on the IDS configuration files.
If you are using CSPM for Firewall/Router management, then I suggest contacting the TAC. Or someone else on this forum, more familiar with using CSPM for Firewall/Router management, may be able to help.
Thanks for the help. Right now our main goal is to get CSPM working to manage our routers and firewalls. We do, however, plan to implement the CSPM to manage our IDS. Hopefully I can find someone that might know more about this, but again your help is greatly appreciated.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log in using the username and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...