This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- General Discussions
- Scanning Question re Sophos UTMs
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-25-2017 10:25 PM
I have a couple of Sophos UTMs, one on the local subnet (172.16.x.x) and another on the other end of a VPN connecting us to another facility and a remote subnet (172.17.x.x).
The UTM on the local subnet gets scanned as a Asset Type of Router while the one on the remote subnet is scanned as a Asset Type of Linux.
The remote Linux UTM gathers more and different information than the local Router UTM.
My hunch is that scanning across the VPN to another subnet is probably causing issues. Is there a different way to handle this so results are more predictable?
The UTM on the local subnet gets scanned as a Asset Type of Router while the one on the remote subnet is scanned as a Asset Type of Linux.
The remote Linux UTM gathers more and different information than the local Router UTM.
My hunch is that scanning across the VPN to another subnet is probably causing issues. Is there a different way to handle this so results are more predictable?
Labels:
- Labels:
-
General Discussion
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-28-2017 06:38 PM
Thanks for the info.
Turns out you can't log directly into root on the Sophos UTM. You first have to login as a non-root user first, then su and then login as root.
Lansweeper was able to get the info necessary logged in as the non-root user to identify the Sophos UTM as a Linux system instead of a router.
Turns out you can't log directly into root on the Sophos UTM. You first have to login as a non-root user first, then su and then login as root.
Lansweeper was able to get the info necessary logged in as the non-root user to identify the Sophos UTM as a Linux system instead of a router.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-28-2017 10:27 AM
The way Lansweeper automatically determines asset types is quite complex, but to quickly summarize this functionality: Lansweeper connects to an asset and checks which protocols are available, checks the contents of headers, the results of commands, etc. and uses this information to determine the asset type.
Likely what's causing this discrepancy here is the difference in protocols available on either asset. It's not entirely clear to me if in the Linux UTMs case actual information is being retrieved through SSH or not, but if that's the case and the other asset is identical, enabling SSH on the device may restore parity.
For troubleshooting connectivity issues for non-Windows assets (which includes the determining of asset types) you can make use of devicetester.exe which can be found in the Program files (x86)\Lansweeper\Actions folder on your Lansweeper server. Make sure to run the test directly from your Lansweeper server for an accurate simulation.
On a side note, since you indicate the local UTM is in the local subnet (presumably the same subnet as your Lansweeper server), it may be possible that no protocol is available at all apart from ICMP and that it's still getting scanned. For devices in your Lansweeper server's subnet the MAC address can be retrieved from the ARP table of your Lansweeper server, from which some additional information can be retrieved in return. This is enough data for an asset page to be generated.
Likely what's causing this discrepancy here is the difference in protocols available on either asset. It's not entirely clear to me if in the Linux UTMs case actual information is being retrieved through SSH or not, but if that's the case and the other asset is identical, enabling SSH on the device may restore parity.
For troubleshooting connectivity issues for non-Windows assets (which includes the determining of asset types) you can make use of devicetester.exe which can be found in the Program files (x86)\Lansweeper\Actions folder on your Lansweeper server. Make sure to run the test directly from your Lansweeper server for an accurate simulation.
On a side note, since you indicate the local UTM is in the local subnet (presumably the same subnet as your Lansweeper server), it may be possible that no protocol is available at all apart from ICMP and that it's still getting scanned. For devices in your Lansweeper server's subnet the MAC address can be retrieved from the ARP table of your Lansweeper server, from which some additional information can be retrieved in return. This is enough data for an asset page to be generated.
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- SALTO Door Access Controllers in General Discussions
- Deployments keep timing out; any other logs I can find anywhere? in Deployment Packages
- Lansweeper.vbs download in General Discussions
- Monitor not being detected if already an asset? in General Discussions
- Community Highlights W/C 14th August in General Discussions
