Sophos XGS4300 Firewall not being detected correctly #535

Open
Kvoo opened this issue Nov 27, 2024 · 0 comments

Kvoo commented Nov 27, 2024

When trying to discover our XGS4300 Firewall via SNMP, no device information is filled out. Ports and the different Interface IP Addresses ARE discovered, but without any neighbors.

Expected Behavior

On Discovering the device (Sophos XGS4300 Firewall) via Netdisco, the Information fields are filled out, the layers are displayed and Neighbors, VLANS, etc. are detected.

Current Behavior

After discovering the device, looking at the details in the Web-Interface reveals that the following fields are empty:

  • Vendor / Model
  • OS / Version
  • Serial Number(s)

Additionally, no Layers are detected which means Arpnip and Macsuck can't be used.

The Ports, and Addresses Tabs are filled out correctly, however there are no Neighbors, Modules or VLANs detected.

This issue effectively means that we cannot properly automatically discover the Network - the Firewall acts as the Router between every IP Range we are Using and is also the only way to get to the WiFi APs (which we would also like to map, though they do not have their own SNMP).

According to documentation, this is also the Reason that our Connected Nodes do not get resolved via ARP / DNS into IP-Addresses and Hostnames, since for that to work a Router has to be properly discovered. Though I wonder if that's true in this case, since the Netdisco Server CAN reach the Internal DNS Servers.

I'm thinking about trying it via SSH discovery, though I haven't tried that before.

Device Information:

  • Vendor: Sophos
  • Device Model: XGS4300
  • Operating System Version: SFOS 20.0.2 MR-2-Build378
  • Snmpwalk output of .1.3.6.1.2.1.1:

I am a bit confused about this: looking at the output of snmpwalk gives me OIDs starting with iso.3....
Adding .1.3.6.1.2.1.1 to the command still gives me some output though, but still the OIDs start with "iso". Here's the output, command in the top line. I've replaced any sensitive data.

netdisco@svnd01:~$ snmpwalk -v 2c -c public -M netdisco-mibs/ 10.113.187.1 .1.3.6.1.2.1.1
iso.3.6.1.2.1.1.1.0 = STRING: "SNMP"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.2604.5
iso.3.6.1.2.1.1.3.0 = Timeticks: (577719797) 66 days, 20:46:37.97
iso.3.6.1.2.1.1.4.0 = STRING: "ADMIN NAME"
iso.3.6.1.2.1.1.5.0 = STRING: "SVSOPHOS01"
iso.3.6.1.2.1.1.6.0 = STRING: "HG-UG"
iso.3.6.1.2.1.1.8.0 = Timeticks: (2) 0:00:00.02
iso.3.6.1.2.1.1.9.1.2.1 = OID: iso.3.6.1.2.1.4
iso.3.6.1.2.1.1.9.1.2.2 = OID: iso.3.6.1.6.3.1
iso.3.6.1.2.1.1.9.1.2.3 = OID: iso.3.6.1.2.1.49
iso.3.6.1.2.1.1.9.1.2.4 = OID: iso.3.6.1.2.1.50
iso.3.6.1.2.1.1.9.1.2.5 = OID: iso.3.6.1.6.3.16.2.2.1
iso.3.6.1.2.1.1.9.1.2.6 = OID: iso.3.6.1.6.3.10.3.1.1
iso.3.6.1.2.1.1.9.1.2.7 = OID: iso.3.6.1.6.3.11.3.1.1
iso.3.6.1.2.1.1.9.1.2.8 = OID: iso.3.6.1.6.3.15.2.1.1
iso.3.6.1.2.1.1.9.1.2.9 = OID: iso.3.6.1.2.1.10.131
iso.3.6.1.2.1.1.9.1.3.1 = STRING: "The MIB module for managing IP and ICMP implementations"
iso.3.6.1.2.1.1.9.1.3.2 = STRING: "The MIB module for SNMPv2 entities"
iso.3.6.1.2.1.1.9.1.3.3 = STRING: "The MIB module for managing TCP implementations"
iso.3.6.1.2.1.1.9.1.3.4 = STRING: "The MIB module for managing UDP implementations"
iso.3.6.1.2.1.1.9.1.3.5 = STRING: "View-based Access Control Model for SNMP."
iso.3.6.1.2.1.1.9.1.3.6 = STRING: "The SNMP Management Architecture MIB."
iso.3.6.1.2.1.1.9.1.3.7 = STRING: "The MIB for Message Processing and Dispatching."
iso.3.6.1.2.1.1.9.1.3.8 = STRING: "The management information definitions for the SNMP User-based Security Model."
iso.3.6.1.2.1.1.9.1.3.9 = STRING: "RFC 2667 TUNNEL-MIB implementation for Linux 2.2.x kernels."
iso.3.6.1.2.1.1.9.1.4.1 = Timeticks: (0) 0:00:00.00
iso.3.6.1.2.1.1.9.1.4.2 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.4.3 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.4.4 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.4.5 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.4.6 = Timeticks: (2) 0:00:00.02
iso.3.6.1.2.1.1.9.1.4.7 = Timeticks: (2) 0:00:00.02
iso.3.6.1.2.1.1.9.1.4.8 = Timeticks: (2) 0:00:00.02
iso.3.6.1.2.1.1.9.1.4.9 = Timeticks: (2) 0:00:00.02

I have also attached a full snmpwalk with redacted sensitive data.
XGSsnmpwalk.txt

This is a freshly installed instance, here are the Versions from the WebGUI:

Versions:

App::Netdisco 2.80.3
SNMP::Info 3.972.2
DB Schema: 89
PostgreSQL: 16.00.4
Perl / Python: 5.38.2 / 3.12.3
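
A diagnostic for the system-group walk posted above, as an added example that is not part of the original issue or of Netdisco: it normalizes the `iso.` prefix (net-snmp's name for the leading arc 1, so `iso.3.6.1` is `.1.3.6.1`), lists which MIB-II system scalars the agent returned, and extracts the enterprise number from sysObjectID. The sample input is constructed from the walk quoted in the issue, the function names are hypothetical, and the parser assumes numeric or `iso.`-prefixed OIDs.

```python
import re

# Constructed sample: the scalar lines of the walk quoted in the issue.
SAMPLE_WALK = '''\
iso.3.6.1.2.1.1.1.0 = STRING: "SNMP"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.2604.5
iso.3.6.1.2.1.1.3.0 = Timeticks: (577719797) 66 days, 20:46:37.97
iso.3.6.1.2.1.1.4.0 = STRING: "ADMIN NAME"
iso.3.6.1.2.1.1.5.0 = STRING: "SVSOPHOS01"
iso.3.6.1.2.1.1.6.0 = STRING: "HG-UG"
iso.3.6.1.2.1.1.8.0 = Timeticks: (2) 0:00:00.02
'''

# MIB-II system group scalars (RFC 3418); sysServices encodes the OSI layers offered.
SYSTEM_SCALARS = {1: "sysDescr", 2: "sysObjectID", 3: "sysUpTime", 4: "sysContact",
                  5: "sysName", 6: "sysLocation", 7: "sysServices"}
SYSTEM_PREFIX = ".1.3.6.1.2.1.1."
ENTERPRISES = ".1.3.6.1.4.1."

def numeric(oid):
    """Rewrite net-snmp's 'iso.' label (arc 1) into a leading-dot numeric OID."""
    oid = oid.strip()
    if oid.startswith("iso."):
        return ".1." + oid[4:]
    return oid if oid.startswith(".") else "." + oid

def parse_walk(text):
    """Return {numeric_oid: (type, value)} from 'OID = TYPE: value' lines."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"(\S+) = ([\w-]+): (.*)$", line)
        if m:
            value = m.group(3).strip().strip('"')
            if m.group(2) == "OID":
                value = numeric(value)
            out[numeric(m.group(1))] = (m.group(2), value)
    return out

def system_report(walk):
    """Summarise the system group: values present, scalars missing, enterprise number."""
    present = {name: walk[SYSTEM_PREFIX + f"{i}.0"][1]
               for i, name in SYSTEM_SCALARS.items() if SYSTEM_PREFIX + f"{i}.0" in walk}
    missing = [n for n in SYSTEM_SCALARS.values() if n not in present]
    obj = present.get("sysObjectID", "")
    pen = int(obj[len(ENTERPRISES):].split(".")[0]) if obj.startswith(ENTERPRISES) else None
    svc = present.get("sysServices")
    layers = [l for l in range(1, 8) if int(svc) >> (l - 1) & 1] if svc else None
    return {"present": present, "missing": missing, "enterprise": pen, "layers": layers}
```

Run against the posted walk, `system_report(parse_walk(SAMPLE_WALK))` reports sysServices (`.1.3.6.1.2.1.1.7.0`) as the only missing scalar, sysDescr as the bare string "SNMP", and 2604 as the enterprise number under which the agent registers its sysObjectID.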
