Hi! Looks like the same problem that we have here. It's the firewall that doesn't send any info via SNMP (IF-MIB::ifAlias) = All info in SeedDB --> VLAN is removed/destroyed.
The subject of my communication with Morten was "NAV and VLAN with Virtualized firewall". But much of that was private mail, to not show how our internal network looks. But maybe you can start looking at the info coming from the firewall that's modifying the info to SeedDB, if there's some problem there.
Regards Mattias
From: "Tal Bar-Or" <tbaror@gmail.com>
To: "Morten Brekkevold" <morten.brekkevold@uninett.no>
Cc: "John Magne Bredal" <john.m.bredal@uninett.no>, "nav-users" <nav-users@uninett.no>
Sent: Wednesday, 6 Jan 2016 19:08:51
Subject: Re: Arnold IP not found
Hi Morten,

I noticed that Arnold works only if the VLAN seed DB is completed (in my case). The steps are as follows: feed Usage categories for each net/VLAN; next, in the Vlan section, I am feeding each VLAN/network detected, and done. I noticed that the VLANs I am interested in quarantining are all detected as Net type >core. The settings stay for a while; after some time it is back to the status prior to the DB feed, with no VLAN or IP association.

As for Arnold host quarantine, I wrote a TCP client/server in python v 3.44. I turned the client into an exe and attached it on each Windows machine using an event trigger in case of Symantec infection (it can be set to any other event). The event trigger executes the client, which sends the event over SSL, and the server will execute start_arnold. I intend to expand the features and send events from our firewall's IPS (Snort) and execute arnold_trigger upon pre-configured event rules.

Maybe it's time to give back to the community. I am willing to share my project if someone is interested; I can upload it to GitHub or whatever.

Thanks
On Wed, Jan 6, 2016 at 3:35 PM, Morten Brekkevold <morten.brekkevold@uninett.no> wrote:
On Tue, 5 Jan 2016 20:45:33 +0200 Tal Bar-Or <tbaror@gmail.com> wrote:
Hi,
Thanks for the answer. I noticed that when I update the details, VLAN numbers, Organization etc. under the Seed Database Vlan section, the quarantine works perfectly, but after a while, for a reason I don't know yet (maybe a bug), all the populated details vanish again and Arnold quarantine doesn't work again until it's re-updated, and so forth. Any idea? Thanks
Hi Tal,
could you please provide some more details on the exact steps you are taking here, so that we could form some idea of what's going on?
How are you using Arnold to quarantine hosts, what are your quarantine VLANs, and what details are you changing in SeedDB?