2. Connectors
NP-Live includes NP-Connect, a utility to automatically retrieve network device configuration files on a schedule. The list of connectors that are currently included with NP-Connect is as follows:
Cloud Providers
For retrieving vlan and services configurations from cloud providers.
| Manufacturer | Type/Model | Configuration Information Required |
|---|---|---|
| Amazon | AWS | AWS API Access Key, Secret Key and Region to monitor |
| Microsoft | Azure | Azure Tenant ID, Client ID, Client Secret, Subscription ID, and Resource Group Name |
Configuration Managers
For retrieving config files from network management systems using read-only SSH. For each connector, the user can define the devices to be uploaded for monitoring.
| Manufacturer | Type/Model | Configuration Information Required |
|---|---|---|
| Check Point | R80 | Hostname or IP address plus login credentials See device selection and service account sections below for additional information |
| Forescout | Enterprise Manager | Install of the NP-Live Plugin for ForeScout into your ForeScout Enterprise manager. See this document for details and the additional instructions section below. |
| Fortinet | FortiManager | Hostname or IP address plus login credentials |
| Infoblox | NetMRI | Hostname or IP address plus login credentials |
| Palo Alto | Panorama | Hostname or IP address plus login credentials See device selection section below for additional information |
| Solarwinds | Network Configuration Manager | Hostname or IP address plus login credentials |
| Tripwire | Enterprise Manager | Hostname or IP address and login credentials plus a tripwire policy rule to invoke. |
Direct Device Connection
For retrieving config files directly from the device using read-only SSH.
| Manufacturer | Type/Model | Configuration Information Required |
|---|---|---|
| Cisco | Adaptive Security Appliance (ASA) | Hostname or IP address plus login credentials, enabling password and optional context |
| Cisco | Internetwork Operating System (IOS) | Hostname or IP address plus login credentials, enabling password and optional context |
| Fortinet | FortiGate Firewall and NGFW | Hostname or IP address plus login credentials Note: SCP should be enabled in the configuration (instructions) |
| Juniper | JunOS Firewall | Hostname or IP address plus login credentials |
| Palo Alto | PAN-OS | Hostname or IP address plus login credentials |
Volume Shares
For retrieving config files that are uploaded to a common collection repository.
| Platform | Connection | Configuration Information Required |
|---|---|---|
| Windows | SMB Share (Samba) | Hostname or IP address and folder path. Optionally a white list and black list can be defined. Optional. A PGP key can also be provided if the files retrieved have been encrypted. |
| Linux | SSH Share | Hostname or IP address and folder path. Optionally a white list and black list can be defined. Optional. A PGP key can also be provided if the files retrieved have been encrypted. |
Additional Instructions
Samba
Network Perception suggests the following when setting up the SMB connection.
- Create a read-only user in Active Directory or on the SMB server.
- Share the SMB folder containing the Configuration files with the read-only user.
- Use the folder name at the end of the share in the field “Path on remote host” in NP-Connect.
