DX Unified Infrastructure Management

Hello folks, 
My customer has disabled ICMP (ping) option in the servers due to security vulnerabilities so we can't use net_connect probe to monitoring ICMP connectivity. Is there any other way to monitor connectivity of servers? Please suggest if any one came across this situation.

------------------------------
Regards,

Eshwar
------------------------------

Perhaps net_connect, it can monitor via TCP. 
https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/alphabetical-probe-articles/net-connect-network-connectivity-monitoring/net-connect-network-connectivity-monitoring-release-notes.html
Original Message:
Sent: 10-20-2021 11:23 AM
From: Eshwar K
Subject: Network connectivity monitoring in UIM

Hello folks,
My customer has disabled ICMP (ping) option in the servers due to security vulnerabilities so we can't use net_connect probe to monitoring ICMP connectivity. Is there any other way to monitor connectivity of servers? Please suggest if any one came across this situation.

------------------------------
Regards,

Eshwar
------------------------------

Thanks for your David,
As you suggested, I have enabled TCP monitoring on the server but still it's looking for the ping response as per the alarms. I have attached snippet below.



Does SNMPcollector probe uses ICMP response to track reachability of the server? if no, can we use SNMPcollector probe instead of net_connect? Please suggest!

------------------------------
Regards,

Eshwar
------------------------------

Original Message:
Sent: 10-20-2021 11:28 AM
From: David MICHEL
Subject: Network connectivity monitoring in UIM

Perhaps net_connect, it can monitor via TCP.
https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/alphabetical-probe-articles/net-connect-network-connectivity-monitoring/net-connect-network-connectivity-monitoring-release-notes.html
Original Message:
Sent: 10-20-2021 11:23 AM
From: Eshwar K
Subject: Network connectivity monitoring in UIM

Hello folks,
My customer has disabled ICMP (ping) option in the servers due to security vulnerabilities so we can't use net_connect probe to monitoring ICMP connectivity. Is there any other way to monitor connectivity of servers? Please suggest if any one came across this situation.

------------------------------
Regards,

Eshwar
------------------------------

The snmpcollector uses snmp for all monitoring.
Original Message:
Sent: 10-22-2021 07:17 AM
From: Eshwar K
Subject: Network connectivity monitoring in UIM

Thanks for your David,
As you suggested, I have enabled TCP monitoring on the server but still it's looking for the ping response as per the alarms. I have attached snippet below.



Does SNMPcollector probe uses ICMP response to track reachability of the server? if no, can we use SNMPcollector probe instead of net_connect? Please suggest!

------------------------------
Regards,

Eshwar

Original Message:
Sent: 10-20-2021 11:28 AM
From: David MICHEL
Subject: Network connectivity monitoring in UIM

Perhaps net_connect, it can monitor via TCP.
https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/alphabetical-probe-articles/net-connect-network-connectivity-monitoring/net-connect-network-connectivity-monitoring-release-notes.html
Original Message:
Sent: 10-20-2021 11:23 AM
From: Eshwar K
Subject: Network connectivity monitoring in UIM

Hello folks,
My customer has disabled ICMP (ping) option in the servers due to security vulnerabilities so we can't use net_connect probe to monitoring ICMP connectivity. Is there any other way to monitor connectivity of servers? Please suggest if any one came across this situation.

------------------------------
Regards,

Eshwar
------------------------------

Security shutting down ICMP but not SNMP? Usually it is the opposite. If you use TCP the word ping may still be in the alarm but I hope it is not using a UDP type protocol. What about using service port monitoring like Nimsoft 48000 in net_connect. To use snmp you would need a snmp listener enabled on your servers, which is shunned by security folks. You may need to run a "wireshark" type program to test what net_connect actually does but from memory the Service option should work for you if not  the TCP.
Original Message:
Sent: 10-22-2021 08:24 AM
From: David MICHEL
Subject: Network connectivity monitoring in UIM

The snmpcollector uses snmp for all monitoring.
Original Message:
Sent: 10-22-2021 07:17 AM
From: Eshwar K
Subject: Network connectivity monitoring in UIM

Thanks for your David,
As you suggested, I have enabled TCP monitoring on the server but still it's looking for the ping response as per the alarms. I have attached snippet below.



Does SNMPcollector probe uses ICMP response to track reachability of the server? if no, can we use SNMPcollector probe instead of net_connect? Please suggest!

------------------------------
Regards,

Eshwar

Original Message:
Sent: 10-20-2021 11:28 AM
From: David MICHEL
Subject: Network connectivity monitoring in UIM

Perhaps net_connect, it can monitor via TCP.
https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/alphabetical-probe-articles/net-connect-network-connectivity-monitoring/net-connect-network-connectivity-monitoring-release-notes.html
Original Message:
Sent: 10-20-2021 11:23 AM
From: Eshwar K
Subject: Network connectivity monitoring in UIM

Hello folks,
My customer has disabled ICMP (ping) option in the servers due to security vulnerabilities so we can't use net_connect probe to monitoring ICMP connectivity. Is there any other way to monitor connectivity of servers? Please suggest if any one came across this situation.

------------------------------
Regards,

Eshwar
------------------------------

You can't configure net_connect not to send the ping but you can configure the message that's generated when the ping fails. Just make the level "clear" for the error message or select the "OK" message for the connection failed message in the configuration.

And the level of security that you gain in blocking ICMP is trivial if the server is otherwise reachable. 

One thing, depending on whether these systems are capable of it or not is to add an additional "maintenance" network adapter that isn't reachable from anything other than the system that's running net_connect and use that to ping.

Someone who's already subverted your network enough to run a ping against a local address isn't going to be thwarted by a ping response failure. Blocking ping is kind of like adding a deadbolt to a screen door. Sure it's locked tighter but it's not going to slow someone down any more than not but it will make your life more onerous as you have to now deal with two keys to get in.....
Original Message:
Sent: 10-22-2021 07:17 AM
From: Eshwar K
Subject: Network connectivity monitoring in UIM

Thanks for your David,
As you suggested, I have enabled TCP monitoring on the server but still it's looking for the ping response as per the alarms. I have attached snippet below.



Does SNMPcollector probe uses ICMP response to track reachability of the server? if no, can we use SNMPcollector probe instead of net_connect? Please suggest!

------------------------------
Regards,

Eshwar

Original Message:
Sent: 10-20-2021 11:28 AM
From: David MICHEL
Subject: Network connectivity monitoring in UIM

Perhaps net_connect, it can monitor via TCP.
https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/alphabetical-probe-articles/net-connect-network-connectivity-monitoring/net-connect-network-connectivity-monitoring-release-notes.html
Original Message:
Sent: 10-20-2021 11:23 AM
From: Eshwar K
Subject: Network connectivity monitoring in UIM

Hello folks,
My customer has disabled ICMP (ping) option in the servers due to security vulnerabilities so we can't use net_connect probe to monitoring ICMP connectivity. Is there any other way to monitor connectivity of servers? Please suggest if any one came across this situation.

------------------------------
Regards,

Eshwar
------------------------------

Hello,

You can configure net_connect to not ping. You just need to uncheck the icmp monitoring

And you create a "service" profile to monitor a port on the server.

Thanks

Original Message:
Sent: 10-22-2021 02:17 PM
From: Garin Walsh
Subject: Network connectivity monitoring in UIM

You can't configure net_connect not to send the ping but you can configure the message that's generated when the ping fails. Just make the level "clear" for the error message or select the "OK" message for the connection failed message in the configuration.

And the level of security that you gain in blocking ICMP is trivial if the server is otherwise reachable.

One thing, depending on whether these systems are capable of it or not is to add an additional "maintenance" network adapter that isn't reachable from anything other than the system that's running net_connect and use that to ping.

Someone who's already subverted your network enough to run a ping against a local address isn't going to be thwarted by a ping response failure. Blocking ping is kind of like adding a deadbolt to a screen door. Sure it's locked tighter but it's not going to slow someone down any more than not but it will make your life more onerous as you have to now deal with two keys to get in.....
Original Message:
Sent: 10-22-2021 07:17 AM
From: Eshwar K
Subject: Network connectivity monitoring in UIM

Thanks for your David,
As you suggested, I have enabled TCP monitoring on the server but still it's looking for the ping response as per the alarms. I have attached snippet below.



Does SNMPcollector probe uses ICMP response to track reachability of the server? if no, can we use SNMPcollector probe instead of net_connect? Please suggest!

------------------------------
Regards,

Eshwar

Original Message:
Sent: 10-20-2021 11:28 AM
From: David MICHEL
Subject: Network connectivity monitoring in UIM

Perhaps net_connect, it can monitor via TCP.
https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/alphabetical-probe-articles/net-connect-network-connectivity-monitoring/net-connect-network-connectivity-monitoring-release-notes.html
Original Message:
Sent: 10-20-2021 11:23 AM
From: Eshwar K
Subject: Network connectivity monitoring in UIM

Hello folks,
My customer has disabled ICMP (ping) option in the servers due to security vulnerabilities so we can't use net_connect probe to monitoring ICMP connectivity. Is there any other way to monitor connectivity of servers? Please suggest if any one came across this situation.

------------------------------
Regards,

Eshwar
------------------------------

Thank you every one for you responses.
Finally, we were able to monitor the servers via TCP and we could generate the alarms.

Once again thanks to all.

------------------------------
Regards,

Eshwar
------------------------------

Original Message:
Sent: 10-25-2021 11:31 AM
From: Guillaume Briere
Subject: Network connectivity monitoring in UIM

Hello,

You can configure net_connect to not ping. You just need to uncheck the icmp monitoring

And you create a "service" profile to monitor a port on the server.

Thanks

Original Message:
Sent: 10-22-2021 02:17 PM
From: Garin Walsh
Subject: Network connectivity monitoring in UIM

You can't configure net_connect not to send the ping but you can configure the message that's generated when the ping fails. Just make the level "clear" for the error message or select the "OK" message for the connection failed message in the configuration.

And the level of security that you gain in blocking ICMP is trivial if the server is otherwise reachable.

One thing, depending on whether these systems are capable of it or not is to add an additional "maintenance" network adapter that isn't reachable from anything other than the system that's running net_connect and use that to ping.

Someone who's already subverted your network enough to run a ping against a local address isn't going to be thwarted by a ping response failure. Blocking ping is kind of like adding a deadbolt to a screen door. Sure it's locked tighter but it's not going to slow someone down any more than not but it will make your life more onerous as you have to now deal with two keys to get in.....
Original Message:
Sent: 10-22-2021 07:17 AM
From: Eshwar K
Subject: Network connectivity monitoring in UIM

Thanks for your David,
As you suggested, I have enabled TCP monitoring on the server but still it's looking for the ping response as per the alarms. I have attached snippet below.



Does SNMPcollector probe uses ICMP response to track reachability of the server? if no, can we use SNMPcollector probe instead of net_connect? Please suggest!

------------------------------
Regards,

Eshwar

Original Message:
Sent: 10-20-2021 11:28 AM
From: David MICHEL
Subject: Network connectivity monitoring in UIM

Perhaps net_connect, it can monitor via TCP.
https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/alphabetical-probe-articles/net-connect-network-connectivity-monitoring/net-connect-network-connectivity-monitoring-release-notes.html
Original Message:
Sent: 10-20-2021 11:23 AM
From: Eshwar K
Subject: Network connectivity monitoring in UIM

Hello folks,
My customer has disabled ICMP (ping) option in the servers due to security vulnerabilities so we can't use net_connect probe to monitoring ICMP connectivity. Is there any other way to monitor connectivity of servers? Please suggest if any one came across this situation.

------------------------------
Regards,

Eshwar
------------------------------