5.4 Managing Devices

Grouping Devices using Labels

Labels allow you to group your devices together, making them easier to manage. You can apply labels to new devices before adding them, which lets you take advantage of the tuning you have already done. As a result, the new devices do not generate messages for every Indeni Rule that exists, which means less noise for your team.

Grouping devices makes certain common operations easier to carry out. These operations are reporting, device configuration backup, and custom alerts. Labels are also very useful as filters when you review your issues. You can also use labels to segment data between users, limiting device visibility to certain users. See Roles and Device Permissions for more information.

There are two types of labels.

1. System Labels

These labels are created out of the box. The system-all label consists of all the devices managed by the system. When a new device is added, the system-all label is automatically applied. Conversely, when a device is removed, the system automatically updates all relevant system labels.

The system-<vendor> label consists of devices from that vendor, e.g. system-blue consists of Bluecoat ProxySG and Bluecoat CAS devices. When a device from a new vendor is added for the first time, the system-<vendor> label is created automatically. The new device is added to both the “system-all” and “system-<vendor>” labels.

System labels are managed by the system. They cannot be modified manually. 

2. Custom Labels 

An administrator can create custom labels using any naming convention. They can be based on the structure of your organization or on the criticality of your operations, or they can be just a random collection of devices. For example, you may wish to create a group containing all the security devices in a physical location. Devices can belong to multiple labels, to meet your organization’s needs.

Create a Label

Navigate to Devices and select the devices you want to include in the new label. Hover over the icons at the top right and click the Manage Labels icon. Type in the name of the label and click the new name (create new) row. The label will be created.

View/Verify a Label

From Devices, click on All Labels. The system will display the list of labels. Select the label you want to verify or view and click Apply. 

The system will display the list of devices. 

Modify a Label

Whether you are adding a new device to an existing label or removing one from it, you have to start by removing all the devices from the label, then re-adding them with the new device list. Let’s look at an example. From the previous screen capture, the device label site1-fw consists of two Check Point firewalls and a Palo Alto Networks firewall. Now you want to add a BlueCoat device to this label. Follow these steps:

1. Remove the three devices from the label, new-label. 

Select the three devices you want to remove from new-label as shown below. 

Then click Apply to remove these devices.

2. Verify that the three devices have been removed by clicking on the Labels drop down menu.  

3. Next, add the three devices back plus the BlueCoat device as shown below. 

Please Note: For auditing and debugging purposes, a log entry with the relevant information is added whenever a new label is created or a label is updated.

Suspend Data Collection in Maintenance Mode

If you need to put automation on hold while you take care of things like system maintenance and device upgrades, you can temporarily suspend a device. Suspension takes effect immediately and data collection halts. Maintenance mode enables you to avoid any alerts or errors that might occur when a device is taken offline for maintenance. Don’t forget to resume the device manually once the device is online again, or specify the duration to automatically resume data collection.  

Suspend a Device

  1. Locate the device you want to suspend.
  2. Select the device, then click the double vertical bar on the top left.

Resume a Device

  1. Locate the device for which you want to resume automation.
  2. Select the device, then click the start arrow icon on the top left.

Please Note: In 7.9.0, you have the option to automatically resume automation by specifying a period of time for multiple devices.

Suspend Alerting While Data Collection Continues

Please Note: In 7.11.0, you have the option to stop receiving alerts while data is being collected.

If you need to put automation on hold but you do not want to halt data collection, use the Suppress Issues option instead of the Suspend option. 

Suppress Issues

  1. Locate the device for which you want to stop alerting.
  2. Select the device (you can select multiple devices), then click the Suppress Issues button on the top left as shown below.

Start Alerting

If you did not specify how long you want alerting to be suspended, you can manually change the setting.

  1. Locate the device.
  2. Select the device (you can select multiple devices), uncheck to start receiving alerts again.

Upgrading the Firewall Hardware or Changing the Device Name/IP Address

It is sometimes necessary to upgrade the firewall hardware to ensure optimal firewall performance. Depending on your requirements, you can use the following procedures to place the device into maintenance mode before the upgrade or change. Generally speaking, it is recommended that you suspend the device during maintenance, when it might be down for a period of time, to prevent alert messages.

| Scenario | Requirements | Procedure |
| --- | --- | --- |
| 1 – Device h/w upgrade, keep historical data | Use the same name & IP addr. Keep historical data. This is the most common scenario. | 1 – Suspend the device temporarily & replace the hardware. 2 – Resume management to cause a re-interrogation to discover the new hardware. |
| 2 – Device h/w upgrade no historical data | Use the same name & IP addr but no historical data. | 1 – Delete the device. Replace the hardware. 2 – Add a new device using the same name & IP addr. Interrogation discovers the new hardware. |
| 3 – Device h/w upgrade & change device name | Change device name, e.g. to reflect the new model #. Use the same IP Addr & keep historical data. | Not supported. |
| 4 – Device h/w upgrade, change device name & no historical data | Change device name, e.g. to reflect the new model #. Use the same IP Addr & keep historical data. | 1 – Delete the device. Replace the hardware. 2 – Add the device back with a new name and the same IP addr. The system will treat this as a new device. Historical information will be removed from the system. Interrogation discovers the new hardware. |
| 5 – IP addr change, same h/w | Use the same device name. Keep historical info about the site. | Not supported. |
| 6 – IP addr change, same h/w new name | Use a different name. Keep historical info about the site. | 1 – Suspend the device indefinitely so it doesn’t unnecessarily deplete the license count. 2 – Add a device with a new IP address and new name. Interrogation rediscovers the device. 3 – Run reports of the device, once for the device with the old name, and once with the new name. |