cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
361
Views
12
Helpful
8
Replies

MARS: What do you think about it?

juergen.bauer
Level 1
Level 1

hi netpros,

we are running a mars20 in a test environmet and so far i really like it.

i haven't seen other products (network-intelligence, eiq, etc.).

now that it is a cisco product, i hope they will continue the support for a wide range of vendors/products.

whats your opinion on the mars appliance?

best regards

juergen

8 Replies 8

pmccubbin
Level 5
Level 5

Hi Juergen!

MARS has been generally well received by my clients. There is some up front work that needs to be done, like the adding of devices to the MARS appliance, configuring Cisco devices to send their syslogs to it, and the opening up of holes in firewalls and ACLs so that SNMP can pass through. You need to establish early on that the appliance will not initially discover their network on its own!

Though with that said, once everything is set up the dashboard is a very useful feature.

My biggest problem is with clients who want to simulate an attack on a live network to see how well MARS works. Go ahead and do it in a lab environment but restrain your clients from attacking themselves and breaking something by mistake.

A few items I know Cisco is working on:

1. Password rotation is an issue

2. Support for CDP

3. Layer 3 mitigation via a push

4. Sizing the of the MARS appliance to fit the needs of the customer is an evolving process.

Hope this helps.

hi pmccubbin,

thanks for the fast reply. here a few things i would like to see improved:

- checkpoint support. only two versions are availbale. tried ng fp1 but didn't work

- support for vlan tagged interface on netscreen firewalls. they are not shown in the topology.

- backup masrs config only (no data).

- backup protocols. only nfs?

- generally more/better documentation, ie. about ios compatibility. get some weird snmp authentication errors form a router running 12.4!

- support for more devices. (i.e. CSS to get a full topology plan)

- better access to the collected netflow data. ok, mars is a security product, but some netflow reports would be nice (maybe its possible?)

- of course a way to move devices in the topology map to get a nice view (you see i really love the maps ;-))

best regards

Juergen

Juergen,

You added some good improvements to the list!

I agree 100% with being able to move devices in the topology map. Though I will leave it to better minds than mine as to how this could be accomplished.

As for backing up the config, if you make a seed file for your devices this is a kind of backup. The entering of devices into the MARS box is the most time-intensive part of getting the box up and running.

hi pmccubbin,

do you know if there is a way to export all devices into a seed file? i added all my decices (36) by hand instead writing a seed file... :-(

juergen

Hi,

The only way I know to do it is by composing the seed file first. I don't believe it can be done any other way.

Please correct me if I am wrong, anyone?

hi pmccubbin,

maybe this is possible through the backup. i dont need the seed file as long as i get my devices back to a new mars appliance. at the moment we are evaluating a borrowed box. so if we get our own, i don't want zu add all devices by hand again.

i will see what data i get through the backups.

best regards

juergen

If you have cisco works or some other software that can export a seed file you can then import that file into MARS. If you don't have an NMS app available you can create the seed file in CSV then import it. The fields needed are in the manual I belive.

-lance

hi lance,

thanks for the info. we are running lms2.5 so a seed file is available. will try it ....

best regards

juergen

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: