Brocade Network Advisor IP User Manual v12.3.0 User Manual
Page 1284
1232
Brocade Network Advisor IP User Manual
53-1003153-01
Policy monitor overview
37
•
Check for HTTPS (secure HTTP) configuration — This switch and router configuration policy
manager enables you to check each target to see if HTTPS is active for device data
transmission.
NOTE
Not supported on Network OS products and the following IronWare products: Ethernet Core
routers, Ethernet Carrier Routers, Ethernet Edge router, and Data Center switch, as well as the
6650 Ethernet switch, router, and L3 router.
The preferred Management application product communication must be HTTPS for this check
to pass.
Rule Violation Fix — If the configuration policy manager report shows a violation, enable HTTPS
on the device. Disable HTTP settings on the device, if enabled.
•
Check if the product is configured to send events to this server — This switch and router
configuration policy manager enables you to determine if the Management application server
is registered as an SNMP recipient and Syslog recipient.
If the server has multiple NICs, the server uses an IP address reachable from the switch for
event registration. This policy cannot determine if the server is using a reachable IP address for
the event registration.
If the Management application server fails to register as a listener for SNMP, Syslog, and other
events, the Management application server cannot notify you of changes to the fabric or
device. If a fabric or switch fails, the Management application cannot provide notification, log,
or support data. Therefore, you may not realize that there is an inconsistency between the
physical device status and the device status in the Management application for some time.
This policy cannot determine if the SNMP trap or syslog listener ports are available or working.
Rule Violation Fix — If the configuration policy manager report shows an “SNMP not registered
as recipient” violation, the Administrator can register the Management server as an SNMP
recipient through the SNMP Trap Recipients dialog box (Monitor > SNMP Setup > Product Trap
Recipients). Refer to
If the configuration policy manager report shows an “Syslog not registered as recipient”
violation, the Administrator can register the Management server as an Syslog recipient through
the Syslog Recipients dialog box (Monitor > Syslog Configuration > Product Syslog Recipients).
Refer to
•
Check for SSH (secure Telnet) configuration — This switch and router configuration policy
manager enables you to check each target to see if SSH is enabled for device data
transmission.
NOTE
Not supported on the following IronWare products: Application products running 12.3.X or
earlier and the 6910 Ethernet switch.
The preferred Management application product communication must be SSH for this check to
pass.
For Network OS verifies SSH access is enabled and telnet access is disabled through the IP
ACL active or applied policy rules. You should verify that the IP ACL active rules deny telnet
access to all.
For IronWare products, verifies SSH access is enabled and telnet access is disabled through
CLI commands.