In order for LiveAssurance to run its full set of intelligent knowledge checks, you need to Create a user in the management system for the device you want to add, then add that user to a credential set. We recommend creating a unique user for auditing and security purposes.
The privilege level required varies depending on the device type. When possible, we avoid the need to use an administrative account for accessing the device, but in some cases, it cannot be avoided due to limitations to the network device.
If communication between LiveAssurance and the analyzed devices passes through a firewall, please allow the following:
-
SSH (TCP 22) – Used for collecting information from the analyzed devices.
-
HTTPS (TCP 443, 8082)
-
SNMP – Used for collecting information from the analyzed devices.
Refer to the chart below for vendor port requirements:
| DEVICE VENDOR | SSH PORT | HTTP PORT | SNMP |
|---|---|---|---|
| BlueCat | 22 | 443 | √ |
| Blue Coat | 22 | 8082 | x |
| Check Point | 22 | x | x |
| Cisco | 22 | x | √ |
| F5 | 22 | 443 | x |
| FireEye | 22 | x | x |
| Fortinet | 22 | 443 | x |
| Gigamon | 22 | x | x |
| Juniper | 22 | x | x |
| Palo Alto Networks | 22 | 443 | √ |
| Radware | 22 | 443 | x |
| Symantec | 22 | x | x |
| Zscaler | 22 | x | x |
Common Communication Issues
If the LiveAssurance server is unable to communicate with the device, it will return an error. The most common reasons for a communication issue are:
-
An issue with the credentials – either
-
You have mistyped the username/password in the Credential Set
-
The device’s IP Address is not in the subnet(s) assigned to the Credential Set
-
Those credentials don’t exist on that device or don’t have the correct permissions
-
Missing Privileges Password for the following Vendors/Products:
-
Bluecoat Proxy
-
Cisco ASA
-
FireEye NX
-
Gigamon Gigavue
-
Symantec CAS
-
-
-
Connectivity issues between the device and the LiveAssurance server. This could be
-
Basic connectivity between LiveAssurance server and device. The easiest way to test this is to log on directly to the LiveAssurance server’s Linux interface and ping the device.
-
SSH connectivity between the LiveAssurance server and the device. Validate that SSH is enabled on the device using port 22.
-