Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

External Systems Configuration Guide

Foundry Networks IronWare Router and Switch

What is Discovered and Monitored

Protocol

Information Discovered

Metrics collected

Used for

SNMP (V1, V2c)

Host name, Ironware version, Hardware model, Network interfaces,

Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths)

Availability and Performance Monitoring

Telnet/SSH

Running and startup configuration

Startup configuration change, delta between running and startup configuration

Performance Monitoring, Security and Compliance

SNMP (V1, V2c)

Trunk port connectivity between switches and VLANs carried over a trunk port, End host Layer 2 port mapping: switch interface to VLAN id, end host IP/MAC address association

Topology and end-host location

Syslog

Device type

System logs and traffic logs matching acl statements

Availability, Security and Compliance

Event Types

In ADMIN > Device Support > Event Types, search for "foundry-ironware" to see the event types associated with this device. 

Rules

There are no predefined rules for this device. 

Reports

There are no predefined reports for this device. 

Configuration

SNMP
  1. Log in to the device manager for your switch or router with administrative privileges.
  2. Enter configuration mode.
  3. Run these commands to set the community string and enable the SNMP service.
    snmp-server community <community> RO
    snmp-server enable vlan <vlan id>
  4. Exit config mode.
  5. Save the configuration.
Telnet/SSH

FortiSIEM uses Telnet/SSH to communicate with this device. Refer to the product documentation for your device to enable Telnet/SSH.

Syslog
  1. Log in to the device manager for your switch or router with administrative privileges.
  2. Enter configuration mode.
  3. Run this command to set your FortiSIEM virtual appliance as the recipient of syslog from your router or switch.
    logging host <FortiSIEM Ip>
    
    
  4. Exit config mode.
  5. Save the configuration.
Sample Parsed PowerConnect Syslog Message

<14>SJ-Dev-A-Fdy-FastIron, running-config was changed from console

<14>SJ-Dev-A11-Fdy-FastIron, startup-config was changed from telnet client 192.168.20.18
<14>SJ-Dev-A-Fdy-FastIron, phoenix_agent login to USER EXEC mode

<14>SJ-Dev-A-Fdy-FastIron, Interface ethernet3, state up

<14>SJ-Dev-A-Fdy-FastIron, Interface ethernet 20/3, state up

<12>SJ-QA-A-Fdy-BigIron, list 100 permitted udp 173.9.142.98(ntp)(Ethernet 2/1 0004.23ce.ba11) -> 172.16.20.121(ntp), 1 event(s)

<14>SJ-Dev-A-Fdy-FastIron, Bridge root changed, vlan 3, new root ID 80000004806137c6, root interface 3

<14>SJ-QA-A-Fdy-BigIron, VLAN 4 Port 2/7 STP State -> DISABLED (PortDown)

Jun  4 15:51:18 172.16.20.99 Security: telnet logout by admin from src IP 137.146.28.75, src MAC 000c.dbff.6d00

Jun  4 15:51:12 172.16.20.100 System: Interface ethernet 4/9, state down

Jun  4 03:12:53 172.16.20.100 ACL: ACL: List GWI-in permitted tcp 61.158.162.230(6000)(Ethernet 1/4 0023.3368.f500) -> 137.146.0.0(8082), 1 event(s)

Jun  4 02:54:31 172.16.20.100 ACL: ACL: List XCORE denied udp 137.146.28.75(55603)(Ethernet 1/1 000c.dbde.6000) -> 137.146.3.35(snmp), 1 event(s)

Jun  4 01:49:09 172.16.20.100 STP: VLAN 3104 Port 4/22 STP State -> LEARNING (FwdDlyExpiry)

Settings for Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

Foundry Ironware
Setting Value
Name <set name>
Device Type Foundry Ironware
Access Protocol See Access Credentials
Port See Access Credentials
Password config See Password Configuration
SNMP Access Credentials for All Devices

Set these Access Method Definition values to allow FortiSIEM to communicate with your device over SNMP. Set the Name and Community String.

Setting Value
Name <set name>
Device Type Generic
Access Protocol SNMP
Community String <your own>
Telnet Access Credentials for All Devices

These are the generic settings for providing Telnet access to your device from FortiSIEM.

Setting Value
Name Telnet-generic
Device Type generic
Access Protocol Telnet
Port 23
User Name A user who has permission to access the device over Telnet
Password The password associated with the user
SSH Access Credentials for All Devices

These are the generic settings for providing SSH access to your device from FortiSIEM.

Setting Value
Name ssh-generic
Device Type Generic
Access Protocol SSH
Port 22
User Name A user who has access credentials for your device over SSH
Password The password for the user

Foundry Networks IronWare Router and Switch

What is Discovered and Monitored

Protocol

Information Discovered

Metrics collected

Used for

SNMP (V1, V2c)

Host name, Ironware version, Hardware model, Network interfaces,

Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths)

Availability and Performance Monitoring

Telnet/SSH

Running and startup configuration

Startup configuration change, delta between running and startup configuration

Performance Monitoring, Security and Compliance

SNMP (V1, V2c)

Trunk port connectivity between switches and VLANs carried over a trunk port, End host Layer 2 port mapping: switch interface to VLAN id, end host IP/MAC address association

Topology and end-host location

Syslog

Device type

System logs and traffic logs matching acl statements

Availability, Security and Compliance

Event Types

In ADMIN > Device Support > Event Types, search for "foundry-ironware" to see the event types associated with this device. 

Rules

There are no predefined rules for this device. 

Reports

There are no predefined reports for this device. 

Configuration

SNMP
  1. Log in to the device manager for your switch or router with administrative privileges.
  2. Enter configuration mode.
  3. Run these commands to set the community string and enable the SNMP service.
    snmp-server community <community> RO
    snmp-server enable vlan <vlan id>
  4. Exit config mode.
  5. Save the configuration.
Telnet/SSH

FortiSIEM uses Telnet/SSH to communicate with this device. Refer to the product documentation for your device to enable Telnet/SSH.

Syslog
  1. Log in to the device manager for your switch or router with administrative privileges.
  2. Enter configuration mode.
  3. Run this command to set your FortiSIEM virtual appliance as the recipient of syslog from your router or switch.
    logging host <FortiSIEM Ip>
    
    
  4. Exit config mode.
  5. Save the configuration.
Sample Parsed PowerConnect Syslog Message

<14>SJ-Dev-A-Fdy-FastIron, running-config was changed from console

<14>SJ-Dev-A11-Fdy-FastIron, startup-config was changed from telnet client 192.168.20.18
<14>SJ-Dev-A-Fdy-FastIron, phoenix_agent login to USER EXEC mode

<14>SJ-Dev-A-Fdy-FastIron, Interface ethernet3, state up

<14>SJ-Dev-A-Fdy-FastIron, Interface ethernet 20/3, state up

<12>SJ-QA-A-Fdy-BigIron, list 100 permitted udp 173.9.142.98(ntp)(Ethernet 2/1 0004.23ce.ba11) -> 172.16.20.121(ntp), 1 event(s)

<14>SJ-Dev-A-Fdy-FastIron, Bridge root changed, vlan 3, new root ID 80000004806137c6, root interface 3

<14>SJ-QA-A-Fdy-BigIron, VLAN 4 Port 2/7 STP State -> DISABLED (PortDown)

Jun  4 15:51:18 172.16.20.99 Security: telnet logout by admin from src IP 137.146.28.75, src MAC 000c.dbff.6d00

Jun  4 15:51:12 172.16.20.100 System: Interface ethernet 4/9, state down

Jun  4 03:12:53 172.16.20.100 ACL: ACL: List GWI-in permitted tcp 61.158.162.230(6000)(Ethernet 1/4 0023.3368.f500) -> 137.146.0.0(8082), 1 event(s)

Jun  4 02:54:31 172.16.20.100 ACL: ACL: List XCORE denied udp 137.146.28.75(55603)(Ethernet 1/1 000c.dbde.6000) -> 137.146.3.35(snmp), 1 event(s)

Jun  4 01:49:09 172.16.20.100 STP: VLAN 3104 Port 4/22 STP State -> LEARNING (FwdDlyExpiry)

Settings for Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

Foundry Ironware
Setting Value
Name <set name>
Device Type Foundry Ironware
Access Protocol See Access Credentials
Port See Access Credentials
Password config See Password Configuration
SNMP Access Credentials for All Devices

Set these Access Method Definition values to allow FortiSIEM to communicate with your device over SNMP. Set the Name and Community String.

Setting Value
Name <set name>
Device Type Generic
Access Protocol SNMP
Community String <your own>
Telnet Access Credentials for All Devices

These are the generic settings for providing Telnet access to your device from FortiSIEM.

Setting Value
Name Telnet-generic
Device Type generic
Access Protocol Telnet
Port 23
User Name A user who has permission to access the device over Telnet
Password The password associated with the user
SSH Access Credentials for All Devices

These are the generic settings for providing SSH access to your device from FortiSIEM.

Setting Value
Name ssh-generic
Device Type Generic
Access Protocol SSH
Port 22
User Name A user who has access credentials for your device over SSH
Password The password for the user