2.2 Device Communication
For Indeni to run its full set of intelligent knowledge checks, you need to create a user in the management system for the device you want to add, then add that user to a Credential Set. We recommend creating a unique Indeni user for auditing and security purposes.
The privilege level required varies depending on the device type. When possible, we avoid the need to use an administrative account for accessing the device, but in some cases this cannot be avoided due to limitations of the network device.
If communication between Indeni and the analyzed devices passes through a firewall, please allow the following:
- SSH (TCP 22) – Used for collecting information from the analyzed devices.
- HTTPS (TCP 443, 8082, 8088 or 8443)
- Ping (ICMP Echo) – Devices are pinged regularly by Indeni to ensure they are responding.
- SNMP – Used for collecting information from the analyzed devices.
See the chart below for vendor port requirements:

| DEVICE VENDOR | SSH PORT | HTTP PORT | SNMP |
| --- | --- | --- | --- |
| BlueCat | 22 | 8088 or 8443 | √ |
| Blue Coat | 22 | 8082 | x |
| Check Point | 22 | x | x |
| Cisco | 22 | x | √ |
| F5 | 22 | 443 | x |
| FireEye | 22 | x | x |
| Fortinet | 22 | 443 | x |
| Gigamon | 22 | x | x |
| Juniper | 22 | x | x |
| Palo Alto Networks | 22 | 443 | √ |
| Radware | 22 | 443 | x |
| Symantec | 22 | x | x |
| Zscaler | 22 | x | x |

Common Communication Issues
If the Indeni server is unable to communicate with the device, it will return an error. The most common reasons for a communication issue are:
- An issue with the credentials – either:
  - You have mistyped the username/password in the Credential Set
  - The device’s IP Address is not in the subnet(s) assigned to the Credential Set
  - Those credentials don’t exist on that device or don’t have the correct permissions
  - Missing Privileges Password for the following Vendors/Products:
    - Bluecoat Proxy
    - Cisco ASA
    - FireEye NX
    - Gigamon Gigavue
    - Symantec CAS
- Connectivity issues between the device and the Indeni server. This could be:
  - Basic connectivity between Indeni server and device. The easiest way to test this is to log on directly to the Indeni server’s Linux interface and ping the device.
  - SSH connectivity between the Indeni server and the device. Validate that SSH is enabled on the device using port 22.
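
The two connectivity tests above, combined with the vendor port chart, can be scripted and run from the Indeni server's Linux shell. This is an added example, not Indeni tooling: the function names and the `PING`/`PROBE` override hooks are assumptions made for illustration, SNMP is not probed, and `tcp_open` assumes `bash` and coreutils `timeout` are installed.

```shell
#!/bin/sh
# Added example (not Indeni tooling): reachability pre-check from the Indeni server.
# Function names and the PING/PROBE override hooks are illustrative assumptions.

# TCP ports from the vendor chart: SSH first, then the HTTPS alternatives (if any).
vendor_ports() {
  case "$1" in
    BlueCat) echo "22 8088 8443" ;;
    "Blue Coat") echo "22 8082" ;;
    F5|Fortinet|"Palo Alto Networks"|Radware) echo "22 443" ;;
    "Check Point"|Cisco|FireEye|Gigamon|Juniper|Symantec|Zscaler) echo "22" ;;
    *) return 1 ;;
  esac
}

# One ICMP echo with a 2 s timeout (Linux iputils ping flags).
icmp_ok() { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }

# TCP connect test using bash's /dev/tcp, bounded by coreutils timeout.
tcp_open() { timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null; }

# preflight VENDOR HOST: prints a diagnosis, returns 0 only if every check passes.
preflight() {
  local vendor="$1" host="$2" ports p https="" https_ok=no
  ports=$(vendor_ports "$vendor") || { echo "unknown vendor: $vendor"; return 2; }
  "${PING:-icmp_ok}" "$host" || { echo "FAIL icmp: check basic connectivity"; return 1; }
  for p in $ports; do
    if [ "$p" = 22 ]; then
      "${PROBE:-tcp_open}" "$host" 22 || { echo "FAIL tcp/22: validate SSH is enabled"; return 1; }
    else
      https="$https $p"
      if "${PROBE:-tcp_open}" "$host" "$p"; then https_ok=yes; fi
    fi
  done
  # HTTPS ports are alternatives ("8088 or 8443"): one open port is enough.
  if [ -n "$https" ] && [ "$https_ok" = no ]; then
    echo "FAIL https: none of$https reachable"; return 1
  fi
  echo "OK network path: if Indeni still errors, review the Credential Set"
}

# Run only when called with arguments, e.g.: sh preflight.sh "Blue Coat" 192.0.2.10
if [ "$#" -ge 2 ]; then preflight "$1" "$2"; fi
```

A passing result narrows the fault to the credential causes listed above (typo, subnet assignment, permissions, missing privilege password).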