Reference Guide - S.skyboxsecurity

Transcription

Skybox Reference Guide 9.0.800 Revision: 11

Proprietary and Confidential to Skybox Security. 2019 Skybox Security, Inc. All rights reserved.

Due to continued product development, the information contained in this document may change without notice. The information and intellectual property contained herein are confidential and remain the exclusive intellectual property of Skybox Security. If you find any problems in the documentation, please report them to us in writing. Skybox Security does not warrant that this document is error-free.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means—electronic, mechanical, photocopying, recording, or otherwise—without the prior written permission of Skybox Security.

Skybox, Skybox Security, Skybox Firewall Assurance, Skybox Network Assurance, Skybox Vulnerability Control, Skybox Threat Manager, Skybox Change Manager, Skybox Appliance 5500/6000/7000/8000/8050, and the Skybox Security logo are either registered trademarks or trademarks of Skybox Security, Inc., in the United States and/or other countries. All other trademarks are the property of their respective owners.

Contact information

Contact Skybox using the form on our website or by emailing info@skyboxsecurity.com

Customers and partners can contact Skybox technical support via the Skybox Support portal

Contents

Intended Audience
How this manual is organized
Related documentation
Technical support
Part I: Tasks
Managing tasks
Requirements
User roles and tasks
Working with tasks
Task properties
Task messages
Device access management
Using CyberArk for device password management
Quick reference for data collection
Firewall configuration collection
Firewall traffic log and audit log collection
Proxies, VPN devices, and IPS devices
Load balancers
Routers, switches, and controllers
Scanners and operational technology
File import tasks
Import directory tasks
Data formats for file import tasks
Basic file import tasks
Advanced file import tasks
Collector file import tasks
Advanced collector file import tasks
Generic CSV file import tasks
Juniper SA files import tasks
Script invocation tasks
Importing interface and routing configuration
Firewall configuration tasks
Blue Coat proxy
Check Point FireWall-1 firewall
Check Point Provider-1 CMA
Check Point Gaia firewall
Check Point Security Management
Cisco Firepower Management Center
Cisco PIX/ASA/FWSM firewall
Cisco Security Manager
Dell SonicWALL firewall
DioNIS firewall
DPtech firewall
Forcepoint NGFW appliance
Fortinet FortiGate firewall
Fortinet FortiManager Security Management appliance
Genband firewall
Huawei Eudemon firewall
Juniper Networks Junos firewall
Juniper Networks Junos Space Network Management Platform
Juniper Networks NetScreen firewall
Juniper Networks Network and Security Manager
Linux iptables firewall
McAfee Enterprise (Sidewinder) firewall
Palo Alto Networks firewall
Palo Alto Networks Panorama
Sidewinder G2 (McAfee Enterprise) firewall
Sophos Unified Threat Management firewalls
VMware vShield Edge firewall
Firewalls implemented in software
Firewall rule usage analysis tasks
Syslog traffic events
Check Point FireWall-1 activity log data (LEA collection)
Examples of syslog records for rule usage analysis
Firewall change tracking tasks
Importing syslog change tracking events
Check Point FireWall-1 change events (audit log data)
Examples of syslog records for change tracking
IPS tasks
Trend Micro (HP) TippingPoint IPS devices
McAfee IPS devices
IBM Proventia G appliances
Load balancer tasks
A10 Networks load balancer
Brocade ADX load balancer
Cisco ACE load balancer
Cisco CSS load balancer
Citrix NetScaler load balancer
F5 BIG-IP load balancer
Radware Alteon load balancer
Radware AppDirector load balancer
Radware WSD load balancer
Router, switch, and wireless controller tasks
Arista Networks router
Aruba Networks wireless controller
Avaya router
Avaya ERS routing switch
Brocade VDX router
Cisco IOS router
Cisco Nexus router
Cisco Wireless LAN Controller
Dionis NX router
Enterasys router
Extreme Networks router
Juniper Networks MX router
HP ProCurve router
Huawei router
H3C router
Nortel Passport 8600 router
Vyatta router
Scanner tasks
Guidelines for setting up scanner tasks
BeyondTrust Retina scanner
McAfee Vulnerability Manager (Foundstone) scanner
IBM Security AppScan
IBM Security SiteProtector System
Qualys QualysGuard scanner
Rapid7 Nexpose scanner
Tenable Network Security Nessus scanner
Tenable Network Security Tenable.sc
Tripwire IP360 scanner
WhiteHat Sentinel scanner
Blacklists
Operational technology tasks
Claroty operational technology
CyberX operational technology
SecurityMatters operational technology
Cloud and virtualization tasks
Amazon Web Services
Cisco ACI
Microsoft Azure
VMware NSX and vSphere
Management systems tasks
BMC BladeLogic Network Automation
ForeScout
HPE Network Automation
IBM BigFix
IBM z/OS
McAfee ePolicy Orchestrator
Microsoft SCCM
Microsoft WSUS
Red Hat Satellite
SolarWinds NCM
