Foundry Networks IronWare Router and Switch
What is Discovered and Monitored
Protocol | Information Discovered | Metrics collected | Used for |
---|---|---|---|
SNMP (V1, V2c) | Host name, Ironware version, Hardware model, Network interfaces | Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) | Availability and Performance Monitoring |
Telnet/SSH | Running and startup configuration | Startup configuration change, delta between running and startup configuration | Performance Monitoring, Security and Compliance |
SNMP (V1, V2c) | Trunk port connectivity between switches and VLANs carried over a trunk port, End host Layer 2 port mapping: switch interface to VLAN id, end host IP/MAC address association | | Topology and end-host location |
Syslog | Device type | System logs and traffic logs matching ACL statements | Availability, Security and Compliance |
Event Types
In ADMIN > Device Support > Event, search for "foundry_ironware" in the Description column to see the event types associated with this device.
Rules
There are no predefined rules for this device.
Reports
There are no predefined reports for this device.
Settings for Access Credentials
Set these Access Method Definition values to allow FortiSIEM to communicate with your device.
Setting | Value |
---|---|
Name | <set name> |
Device Type | Foundry Ironware |
Access Protocol | See Access Credentials |
Port | See Access Credentials |
Password config | See Password Configuration |
Configuration
SNMP
- Log in to the device manager for your switch or router with administrative privileges.
- Enter configuration mode.
- Run these commands to set the community string and enable the SNMP service.
snmp-server community <community> RO
snmp-server enable vlan <vlan id>
- Exit config mode.
- Save the configuration.
Telnet/SSH
FortiSIEM uses Telnet/SSH to communicate with this device. Refer to the product documentation for your device to enable Telnet/SSH.
Syslog
- Log in to the device manager for your switch or router with administrative privileges.
- Enter configuration mode.
- Run this command to set your FortiSIEM virtual appliance as the recipient of syslogs from your router or switch.
logging host <FortiSIEM Ip>
- Exit config mode.
- Save the configuration.
Sample Parsed PowerConnect Syslog Message
<14>SJ-Dev-A-Fdy-FastIron, running-config was changed from console
<14>SJ-Dev-A11-Fdy-FastIron, startup-config was changed from telnet client 192.168.20.18
<14>SJ-Dev-A-Fdy-FastIron, phoenix_agent login to USER EXEC mode
<14>SJ-Dev-A-Fdy-FastIron, Interface ethernet3, state up
<14>SJ-Dev-A-Fdy-FastIron, Interface ethernet 20/3, state up
<12>SJ-QA-A-Fdy-BigIron, list 100 permitted udp 173.9.142.98(ntp)(Ethernet 2/1 0004.23ce.ba11) -> 172.16.20.121(ntp), 1 event(s)
<14>SJ-Dev-A-Fdy-FastIron, Bridge root changed, vlan 3, new root ID 80000004806137c6, root interface 3
<14>SJ-QA-A-Fdy-BigIron, VLAN 4 Port 2/7 STP State -> DISABLED (PortDown)
Jun 4 15:51:18 172.16.20.99 Security: telnet logout by admin from src IP 137.146.28.75, src MAC 000c.dbff.6d00
Jun 4 15:51:12 172.16.20.100 System: Interface ethernet 4/9, state down
Jun 4 03:12:53 172.16.20.100 ACL: ACL: List GWI-in permitted tcp 61.158.162.230(6000)(Ethernet 1/4 0023.3368.f500) -> 137.146.0.0(8082), 1 event(s)
Jun 4 02:54:31 172.16.20.100 ACL: ACL: List XCORE denied udp 137.146.28.75(55603)(Ethernet 1/1 000c.dbde.6000) -> 137.146.3.35(snmp), 1 event(s)
Jun 4 01:49:09 172.16.20.100 STP: VLAN 3104 Port 4/22 STP State -> LEARNING (FwdDlyExpiry)
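Because there are no predefined rules for this device, the ACL and configuration-change messages in the samples above are the ones a custom rule most often needs fields from. The following added example (not FortiSIEM's parser and not part of the original page) extracts those fields from both header styles shown above; the dictionary field names are assumptions chosen for illustration.

```python
import re

# Constructed input: four of the sample lines shown above, covering both header styles.
SAMPLE = """\
<14>SJ-Dev-A11-Fdy-FastIron, startup-config was changed from telnet client 192.168.20.18
<12>SJ-QA-A-Fdy-BigIron, list 100 permitted udp 173.9.142.98(ntp)(Ethernet 2/1 0004.23ce.ba11) -> 172.16.20.121(ntp), 1 event(s)
Jun 4 02:54:31 172.16.20.100 ACL: ACL: List XCORE denied udp 137.146.28.75(55603)(Ethernet 1/1 000c.dbde.6000) -> 137.146.3.35(snmp), 1 event(s)
Jun 4 15:51:12 172.16.20.100 System: Interface ethernet 4/9, state down
"""

# Header style 1: "<PRI>hostname, message"
PRI_HDR = re.compile(r"^<(?P<pri>\d{1,3})>(?P<reporter>[^,]+),\s*(?P<msg>.*)$")
# Header style 2: "Mon D HH:MM:SS reporter-ip Category: message"
TS_HDR = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<reporter>\S+) (?P<msg>.*)$")
# ACL hit: list name, action, protocol, src(port)(interface MAC) -> dst(port), hit count
ACL = re.compile(
    r"[Ll]ist (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\S+) "
    r"(?P<src>[\d.]+)\((?P<sport>[^)]+)\)\((?P<intf>\S+ \S+) (?P<mac>[0-9a-f.]+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>[^)]+)\), (?P<count>\d+) event\(s\)")
CFG = re.compile(r"(?P<which>running|startup)-config was changed from (?P<origin>.+)$")

def parse_line(line):
    """Return a dict of fields for one syslog line, or None if the header is unknown."""
    m = PRI_HDR.match(line) or TS_HDR.match(line)
    if not m:
        return None
    # Field names below are hypothetical, not FortiSIEM event attributes.
    ev = {"reporter": m.group("reporter"), "type": "other", "msg": m.group("msg")}
    if "pri" in m.groupdict():
        pri = int(m.group("pri"))
        ev["facility"], ev["severity"] = pri >> 3, pri & 7  # RFC 3164 PRI split
    acl, cfg = ACL.search(ev["msg"]), CFG.search(ev["msg"])
    if acl:
        ev.update(acl.groupdict(), type="acl", count=int(acl.group("count")))
    elif cfg:
        ev.update(cfg.groupdict(), type="config_change")
    return ev

def parse(text):
    """Parse every recognisable line in a block of syslog text."""
    return [e for e in map(parse_line, text.splitlines()) if e]

if __name__ == "__main__":
    for e in parse(SAMPLE):
        print(e["type"], e["reporter"], e.get("action") or e.get("origin") or "")
```

Ports appear either as numbers or as service names (`ntp`, `snmp`), so `sport` and `dport` are kept as strings.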
Settings for Access Credentials
SNMP Access Credentials for All Devices
Set these Access Method Definition values to allow FortiSIEM to communicate with your device over SNMP. Set the Name and Community String.
Setting | Value |
---|---|
Name | <set name> |
Device Type | Generic |
Access Protocol | SNMP |
Community String | <your own> |
Telnet Access Credentials for All Devices
These are the generic settings for providing Telnet access to your device from FortiSIEM.
Setting | Value |
---|---|
Name | Telnet-generic |
Device Type | generic |
Access Protocol | Telnet |
Port | 23 |
User Name | A user who has permission to access the device over Telnet |
Password | The password associated with the user |
SSH Access Credentials for All Devices
These are the generic settings for providing SSH access to your device from FortiSIEM.
Setting | Value |
---|---|
Name | ssh-generic |
Device Type | Generic |
Access Protocol | SSH |
Port | 22 |
User Name | A user who has access credentials for your device over SSH |
Password | The password for the user |