KB Archive

For customers who have installed the Ubuntu version of the NP-View OVF, this package is designed to update Docker and Ubuntu to the following versions:
# Docker version 27.1.2, build d01f264
# Kernel version 5.15.0-118-generic
# Ubuntu version Ubuntu 22.04.4 LTS

# Download the update package
# verify the checksum: 7D510280D6901502B7210EADC284B351F49C0AE6F40D9030A99C5A6A17B6444F

# SSH into the NP-View server
sudo su –
cd /root/
mkdir updates
cd updates
# copy update-packages-08-14-24.zip to the updates folder on the np-view server
unzip update-packages-08-14-24.zip
cd update-packages-08-14-24
# install all packages
export DEBIAN_FRONTEND=noninteractive && dpkg -i *.deb
reboot
# .zip and .deb files can be removed after reboot.

The Help Center can be found on the system menu on the upper right corner of the topology.

The Help Center will display warnings or errors identified during the import of device files.

The information in the help center is designed to provide information for the tech support team to help diagnose the issues.

There are many types of possible errors including:

  1. Invalid file formats (e.g., .gif or .png)
  2. Improperly formatted files (files exported as text but loaded into a word processors where extra characters are added before saving).
  3. Incomplete set of files (many devices require more than one file for import this includes Palo Alto and IP tables)
  4. Misconfigured files where rules or objects are undefined.

Every customer has a different environment and possible device configurations. We sometimes run into a situation where the parser cannot handle the device as configured. When this happens, we request the customer to sanitize the config file on the NP Portal and upload the file for debug purposes. Support from our customers is important for us to quickly remediate parsing issues unique to a device or specific file.

The Help Center provides a download for the error log which can be submitted to technical support through the support portal.

When we improve a data or analysis feature or fix an issue, the improvement may not be visible until new data is ingested, or another action is taken.

New Data or Warnings identified during file parsing

When we improve a parser, upon next import, we will apply the new rules and import the new or corrected data. Only the workspace where the new file(s) are imported (manual or connector) will receive the new data. All views, in that workspace, that contain the imported device(s), will be updated with the new data.
No other workspaces will be impacted.

The impact of this is that some workspaces will have the new data, some will not, resulting in data discrepancies across workspaces. Additionally, only the devices being imported will contain the new or updated data within a view.

To ensure the entire workspace is current, users can manually re-import data into their existing workspace. Alternatively the user can clone an existing connector to pull data into the workspace (Note: connectors perform a checksum to see if a file has already been imported and ignore it if we have imported it already.)

Data created during Merge / Analyze

When we improve merge (topology generation) or analyze (path creation), upon next import or the creation of a new view, we will apply the new rules. Only the views, in that workspace, that contain the new file(s), will be merged and analyzed.  All other views will not be impacted.

The impact is that some workspaces and views will have new analysis results, some will not, resulting in data discrepancies across views and workspaces.

To ensure the entire workspace is current, users can manually re-import data into their existing views or create new views.

Risks and Warnings

When we improve risk alerts, upon next import, we will apply the new policies and requirements. Only the workspace where the new file(s) are imported (manual or connector) will receive updated risks. Upon import and after the views are updated, the risk alerts will be updated. No other workspaces will be impacted.

The impact is that some workspaces will have new risk alerts, some will not, resulting in data discrepancies across workspaces.

To ensure the entire workspace is current, users can manually re-import data into their existing views or users can reset the risks for any workspace in the Policy manager which will remove all current risks and rerun the risks for that workspace.

The Connectivity Matrix illustrates port access between devices and interfaces.  This allows users to analyze and confirm communication between interfaces.

Each row or column header cell contains four pieces of information.

  • Interface Name
  • Alias
  • IP Address
  • Security Zone

Each cell will contain connectivity information

  • Red pill: Denied – No access
  • White pill: IP, TCP, UDP/Any – open access
  • Green pill: Port specific access

The Connectivity Matrix is accessible from the device Info panel

Saving the Matrix

Two paths to save and document The Connectivity Matrix for your organization to use as an artifact:

  • Copy and Paste directly into Excel or Sheets
  • Step 1
    • Create the connectivity matrix
  • Step 2
    • Copy all cells directly to Excel
  • Or
  • Take a screenshot

When was it introduced?

  • Beginning with NP-View Version 5.0 (release notes) users will now have access to a new feature called the Interfaces Report.

What does it do?

  • View Level Interfaces Report: Displays all information available for the interfaces in the View and their connectivity
  • Device Level Interfaces Report: Displays all information available for the interfaces on the selected Device and their connectivity

Where are they located?

View Level Interfaces Report: Available from the Main Menu

Device Level Interfaces Report: Available from a selected device’s Information Panel

When was it introduced?

  • Beginning with NP-View Version 5.0 (release notes) users will now have access to a new feature called the Routes Report.

What does it do?

  • Displays all information available for the Routes on the selected Device.

Where is the Routes Report located?

Available from a selected Firewall’s Information Panel

When was it introduced?

  • Beginning with NP-View Version 5.0 (release notes) users will now have access to a new feature called the NAT Rules Report.

What does it do?

  • Displays all information available for NAT Rules on the selected Device.

Where is the Routes Report located?

Available from a selected Firewall’s Information Panel

Segmentation Analysis via the Zone Matrix

When was it introduced?

  • Beginning with NP-View Version 5.0 (release notes) users will now have access to a new feature called The Zone Matrix.

What does it do?

  • The Zone Matrix leverages the visual zones that users create on the topology map to create a matrix that illustrates access between these visual zones. This allows users to analyze and confirm segmentation and access.

Where is it located?

  • The Zone Matrix is accessible from both the Main Menu and the Manage Zones panel
  • On every view that contains Zones
  • Except for the Home View (there is no path analysis on the Home View)

           

Saving the Matrix

Two paths to save and document The Zone Matrix for your organization to use as an artifact:

  • Copy and Paste directly into Excel or Sheets
  • Step 1
    •      
  • Step 2
  • Or
  • Take a screenshot

This section describes how to update the NP-View Server application and the underlying components if the OVF was used for the initial installation.

Updating the NP-View Server Application

To update an existing NP-View Application, the steps are:

  1. Download the latest release Linux Installer Release (not the .OVF) from the Network Perception Portal and copy it onto your NP-view server using SCP (or WinSCP from a Windows client)
  2. Login onto the NP-View server using SSH (or Putty from a Windows client)
  3. Get root permissions using the command: sudo -i
  4. Prior to installing the new version, it is recommended to make a backup of your database (see below)
  5. Execute the new NP-View release file using the command: sh NP-View_installer.sh  (where NP-View_installer.sh is the name of the new release file downloaded in step 1).
  6. Follow the guided steps of the installer, which will automatically start NP-View once the update is complete.
  7. Connect to the user interface of NP-View using your web browser and check in the bottom-left corner of the home page that the version number matches the new release

Updating the NP-View Application to version 5 and above

Prerequisites

  • Please update your current version of NP-View to version 4.3.5. Both Server and Desktop must be on this version before starting your upgrade.

For NP-View Server:

  • Verify there is sufficient disk space for the upgrade (3x size of Redis db).
  • If not follow log cleanup procedure listed in KB (~250MB possible).
  • If still insufficient space, disk space will need to be added before upgrade.
  • Verify all users are logged out of the system to not lose data during update.

Back-Up NP-View database

NP-View Desktop

  1. Copy the 4.3.5 database folder to a safe location. This will allow you to keep a back up 4.3.5 in the case you would want to revert back to 4.3.5
    • C:\Users\<name>\AppData\Roaming\NP-View\db
  2. Download NP-View from the portal and install.
  3. Starting the application may take longer than usual as a one-time database maintenance operation is being performed.

NP-View Server

Option 1:

  1. SSH as the root user to Terminal of NP-View server
    • ssh root@<ip-of-guest-os>
    • If needed sudo -i or sudo su will give you admin privileges once you are logged in.
  2. Move to the NP-View (np-live) app directory
    • cd /opt/np-live
  3. Stop the app
    • sh ./stop_NP-Live.sh
  4. The db directory contains all of the NP-View data. Create a tarball of the directory
    • tar -czf np-view-v4.3.5-db-backup.tar.gz db
  5. Move the file to a safe location.
    • Note: This file will allow you to revert back to 4.3.5.

Option 2 (This option is only available if your server is a VM):

  • Your server admin can take a snapshot image of the server as a restore instance. This tends to be easier and quicker for most of the customers that we have worked with.

Once you have a back up and have updated to 4.3.5, please download version 5+ and follow the instructions listed in the above section “Updating the NP-View Server Application“.

NP-View Server Migration

Prerequisites

  • Follow the instructions above to update the NP-View CentOS server to the latest NP-View version.
  • Create a VM using the latest version of the NP-View Server OVF.
  • Both Servers need to be running to perform the migration.
  • Users should be logged out of NP-View and close any active session before restoring.

CentOS Migration to Ubuntu for NP-View Server

  1. Use backup and restore script.
    • sudo -i (This should take you to the root folder)
      • Enter credentials if prompted.
    • To run shell script: /opt/NP-Live/NP-View_backupand_restore.sh
      • There will be 3 options when using the script.
      • Backup
      • Restore
      • Exit
    • The script will check disk space when creating the backup.
    • The script will notify you if the storage is full and stop running.
  2. Move the CentOS tar file to the Ubuntu server’s root directory.
    • sudo -i (This should take you to the root folder)
    • Enter credentials if prompted.
    • To run shell script: /opt/NP-Live/NP-View_backupand_restore.sh
      • Select restore
      • The script gives a final warning before running.
      • The script checks if the docker containers are running.
  3. Once the script is completed it will notify you.
    • Connect to the web interface and verify data is transferred.
    • If you are unable to connect to the web interface restart NP-View service once the upgrade is complete.

Get Version API call

To check the version update your server URL to the following

https://<np-view_server_address>/version

Backing up the NP-View Server Database

  1. Stop the NP-View Server (you can use the script /opt/np-live/stop_nplive.sh)
  2. From the NP-View Server folder (by default: /opt/np-live/, run the command: tar -zcf db_backup_$(date '+%Y_%m_%d').tgz db (this command may take few minutes to complete)
  3. Run the new release installer, which will update the containers and then launch NP-View Server

Updating CentOS 7 and Docker

If the OVF was used for the initial installation, that package included the CentOS 7 operating system and Docker. These applications must be updated separately from the NP-View Server Application using the below instructions. The instructions cover NP-View Servers that have internet access and those that do not have internet access.

CentOS will be EOL June 30, 2024. We recommend customers to transition to Ubuntu. Our new OVF uses Ubuntu and instructions for updating Ubuntu will be coming soon.

Updating when the NP-View server has internet access

– stop NP-View
cd /opt/np-live/
./stop_NP-Live.sh

– run all updates
yum update -y

– reboot server
reboot

Updating when the NP-View server does not have internet access

If NP-View server is installed in an environment that does not have internet access, a separate Centos 7 server with Docker that has internet access is required to create the update package. All commands below are case sensitive.

Network-Perception uses this mirror for CentOS updates and this mirror for Docker updates

Centos 7 that is online

– make sure you are root
sudo su -

– create packages directory
cd /root/
mkdir packages
cd packages

– download all packages
yum list installed | awk {'print $1; }' | tail -n +3 | xargs yumdownloader

– you should see docker included in the output list.

– compress archive (capital -C is important)
tar czf /root/packages.tar.gz *.rpm -C /root/packages/

– Copy packages.tar.gz to the offline server. The user can use the below command to scp:
scp packages.tar.gz root@ipAddress:/root/

Centos 7 that is offline running NP-View

– make sure you are root
sudo su -
– stop NP-View
cd /opt/np-live/
./stop_NP-Live.sh

– create directory and extract the archive
cd /root/
mkdir packages/
mv packages.tar.gz packages/
cd packages/
tar -xf packages.tar.gz

– install all updates:
yum -y localinstall *.rpm

– reboot server
reboot

– now everything is up to date on the offline server.

If you get any docker swarm errors:

– make sure you are root
sudo su -

– leave and join swarm cluster
docker swarm leave --force && docker swarm init

The Rule Usage feature helps network admins identify rules for potential elimination due to lack of use. This feature only applies to Palo Alto NGFW (not Panorama).  Rule Usage Analysis (aka Hit Count) requests additional Access Rule usage information from firewalls using the connector. When setting up a new connector, the user will have the ability to enable the extraction of rule usage information:

Note that existing connectors will not be affected and cannot be edited to enable hit count data retrieval.

From the NGFW, we extract four values for each access rule:

  • First Hit – Timestamp of first rule usage
  • Last Hit – Timestamp of last rule usage
  • Hits Updated – Timestamp of last data refresh
  • Hits – Usage count

The information is presented as additional columns in the Access Rules Table.  The four columns are disabled by default and will need to be enabled by the user using the menu at the top right.

Once enabled, the hit count data will be displayed in the Access rules table:

Solutions
NP-View
Network Visibility
Network Auditing
Network Segmentation
NERC-CIP Compliance
Resources
Blog
White Papers
Case Studies
Product Walkthrough
All Resources
Company
About
Partnerships

© 2024 Network Perception. All Rights Reserved.

Privacy PolicyTerms of ServicePCI Compliance