Advanced Threat Protection


Precautions before deploying Symantec ATP 

Aug 25, 2016 01:10 PM

This document lists the precautions you need to take before deploying ATP. I will list in detail the issues I face here:

1. Never keep the management IP address and the inline IP address of the scanner in the same subnet. This jeopardizes the topology of the network.

Symantec Engineering details how to create this error in a lab scenario:

Steps to reproduce in a test lab environment:

  1. Deploy the ATP appliance.
  2. Run bootstrap and assign the mgmt IP address 172.19.248.94, gateway 172.19.248.1.
  3. Set the Mgmt server IP address to 10.180.248.95.
  4. From the Mgmt server, visit the Appliance UI, select this remote scanner, and assign the inline IP address 10.180.248.94, gateway 10.180.248.1.
  5. At the remote scanner admin console, run bootstrap again (re-bootstrap), this time assigning the mgmt IP address 10.180.248.94, gateway 10.180.248.1.
  6. After a reboot, the mgmt and inline IP addresses are the same, and the network topology is jeopardized.
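A pre-deployment check for the precaution in item 1, run against the lab addresses from the steps above. This is an added example, not Symantec tooling; the /24 prefix length and the name check_plan are assumptions, since the page gives no netmask.

```python
import ipaddress

def check_plan(mgmt_cidr, mgmt_gw, inline_cidr, inline_gw):
    """Return a list of findings for a scanner addressing plan; [] means safe."""
    mgmt = ipaddress.ip_interface(mgmt_cidr)
    inline = ipaddress.ip_interface(inline_cidr)
    findings = []
    # Same address on both interfaces (the state reached after step 6).
    if mgmt.ip == inline.ip:
        findings.append("DUPLICATE_IP")
    # Different addresses can still share a subnet, which item 1 forbids.
    if mgmt.network.overlaps(inline.network):
        findings.append("SAME_SUBNET")
    # Each gateway must be reachable on-link from its own interface.
    for name, iface, gw in (("MGMT", mgmt, mgmt_gw), ("INLINE", inline, inline_gw)):
        if ipaddress.ip_address(gw) not in iface.network:
            findings.append(name + "_GATEWAY_OFF_LINK")
    return findings

# Plans built from the lab steps; the /24 masks are assumed.
PLANS = {
    "steps 2 and 4 (before re-bootstrap)":
        ("172.19.248.94/24", "172.19.248.1", "10.180.248.94/24", "10.180.248.1"),
    "step 5 (after re-bootstrap)":
        ("10.180.248.94/24", "10.180.248.1", "10.180.248.94/24", "10.180.248.1"),
    # Constructed variant: distinct addresses, same subnet.
    "constructed: distinct IPs, same subnet":
        ("10.180.248.20/24", "10.180.248.1", "10.180.248.94/24", "10.180.248.1"),
}

if __name__ == "__main__":
    for label, plan in PLANS.items():
        result = check_plan(*plan)
        print(label + ": " + (", ".join(result) if result else "OK"))
```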

If you face this error, follow the steps below to resolve it:

Steps to resolve at the scanner:

  1. At the admin CLI of the scanner, bring the br0 device down by typing: ifconfig br0 down
  2. To check the routing table and mend it if necessary, type: route -n
  3. Check the output to confirm that 10.180.248.1 is set as the default gateway on eth0.
  4. Once the mgmt network is reachable by ping/traceroute, visit the Mgmt server UI and update the inline IP address.
