This article addresses the Security Management System (SMS) feature that allows multiple devices to be added to the SMS simultaneously by using an IP Addresses file.
Q: How many devices can be managed using the bulk management process?
A: While the IP address file is not restricted, TippingPoint recommends that no more than 30 devices be simultaneously bulk managed. After bulk management of the group is complete:
- Verify that all devices were managed correctly; if any device failed, manage it manually.
- Verify virtual segments on the SMS.
- Verify if any Reputation tag category duplicates were created.
Q: How long does it take to add an IPS device to the SMS?
A: This number will vary with the type of device being managed. A fully populated device under heavy traffic load can take anywhere from 1 to 5 minutes, with the high end being at around 10 minutes.
Q: When adding multiple devices to the SMS, does the process happen serially or in parallel?
A: Bulk managing happens in parallel. There are 20 threads dedicated to the bulk management process. The SMS puts the devices to be managed into a queue and at most 20 devices will be processed simultaneously. As one device finishes the management process, it is removed from the queue and another device will be added to the queue until finished.
Q: What is the best practice to monitor the process?
A: The SMS client interface would be the best place to monitor the process.
Q: What should be done if things don’t go as expected?
A: Best practice would be to contact the Technical Assistance Center (TAC).
Things to consider:
- Timing – Each managed device will take the SAME amount of time that a device normally takes to be managed. There is no acceleration; bulk device management simply automates the process.
- Failures - The reality with bulk device management is that some devices may fail to manage on the first attempt. TippingPoint recommends that any devices that failed the bulk management process be managed manually.
- User ID and Password - Bulk device management will only work on groups of devices where the credentials (username and password) are the same.
- Device Groups - Bulk device management will not create Device Groups. Device groups can be created before or after the bulk management process.
- Reputation – In some instances managing devices may result in duplicate reputation tag categories being created on their new SMS.
- Virtual Segments - Virtual segments on the IPS can cause complications with device management. This can lead to a process failure or duplicate virtual segments created. The best practice is to bulk add only un-configured devices, or perform a filter reset before managing the device (a filter reset deletes all virtual segments). You can then reconfigure the virtual segments.
Before You Begin
- You must have SuperUser rights on the SMS to add or delete a device.
- If required, create the group in which the devices will reside.
- When you add multiple devices, they must all use the same authentication (user name and password), and they must all be part of the same device group.
- Create an "IP Addresses file" that contains one valid IP address per line or a comma-delimited list of valid IP addresses.
- Log in to the SMS from a client.
- On the SMS toolbar, navigate to the Devices → All Devices tab screen.
- To add a device do one of the following:
  - On the All Devices screen, click New Device.
  - On the All Devices screen, right-click the screen and select New Device.
  - On the top menu bar, select File → New → Device.
- The Devices - New Device dialog box displays.
- To add a single device, select Add Device(s), and enter the device IP Address.
- To add multiple devices, select Add Device(s), and enter the device IP addresses, separated by commas.
- To use a text file to add multiple devices, select Add Multiple Devices Using a File, and then click Browse to locate the file.
- Provide the Username and Password for the devices.
- Select a Device Group for the device(s) you are adding.
- Select the appropriate Device Type.
- Optionally, you can click Options in the navigation pane and select from the following new device options:
  - Select Synchronize Device Time with SMS to synchronize time on the device with the SMS.
  - Select Configure/Clone Options to launch the Device Configuration wizard after the device(s) are added. You can also select Clone an existing device to copy settings from an existing device.
- Click OK.
When a device is successfully added to the SMS, the device appears in the All Devices area and in the navigation tree under the All Devices node. If the device is functioning properly, the Health Status indicator is green. When you add a device, the system saves historical data for the device.
Note: You can add an NGFW appliance to the SMS only after an application enabled Digital Vaccine has been activated.
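
The following pre-flight check for the IP Addresses file is an added example, not part of the original article or of any TippingPoint tooling. It parses both layouts the article allows (one address per line, or comma-delimited), rejects invalid and duplicate entries, and splits the result into batches of at most 30 devices, the recommended ceiling. The function names, the sample addresses, and the use of Python's `ipaddress` module as the definition of "valid" are assumptions.

```python
import ipaddress

MAX_BATCH = 30  # the article's recommended ceiling per bulk-manage run


def parse_ip_file(text):
    """Return (valid, rejected) from IP Addresses file content.

    Accepts one address per line or comma-delimited lists, as the article
    describes. Duplicates are rejected so no device is queued twice.
    "Valid" means accepted by Python's ipaddress module (an assumption).
    """
    valid, rejected, seen = [], [], set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        for token in line.split(","):
            token = token.strip()
            if not token:
                continue  # blank line or trailing comma
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                rejected.append((lineno, token, "not a valid IP address"))
                continue
            if addr in seen:
                rejected.append((lineno, token, "duplicate"))
                continue
            seen.add(addr)
            valid.append(str(addr))
    return valid, rejected


def batches(addresses, size=MAX_BATCH):
    """Split addresses into lists of at most `size` entries, one per run."""
    return [addresses[i:i + size] for i in range(0, len(addresses), size)]


# Constructed sample input (documentation-range addresses, not real devices).
SAMPLE = "192.0.2.10\n192.0.2.11, 192.0.2.12\n192.0.2.300\n192.0.2.10\n\n10.1.1\n"

if __name__ == "__main__":
    ok, bad = parse_ip_file(SAMPLE)
    for lineno, token, reason in bad:
        print(f"line {lineno}: {token!r} rejected ({reason})")
    for n, batch in enumerate(batches(ok), start=1):
        print(f"batch {n}: {len(batch)} device(s)")
        print("\n".join(batch))
```

Writing each batch to its own file and running them one after another keeps every run within the recommended size and makes the post-run verification steps easier to scope.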