Knowledge Base

Getting Started

Configuring NP-View Server

Getting Started

Once NP-View Server is installed, the application will start automatically. Note that NP-Live has been rebranded to NP-View Server. Several of the instructions still correctly refer to NP-Live as we migrate the installation services to the new product names.

If the Linux Administrator wishes to start and stop the application, two helper scripts have been included to aid in these tasks:

  • Stop : sudo /opt/np-live/stop_NP-Live.sh
  • Start : sudo /opt/np-live/start_NP-Live.sh

NP-View Docker IP Conflict

If NP-View Docker is using IP addresses that conflict with addresses used on the local area network, the IP addresses used by Docker can be changed as follows:

Create a docker network with the subnet you would like to use:
sudo docker network create --driver overlay --subnet x.x.x.x/x NP-Live_external

Navigate to the np-live install directory (default /opt/np-live):
cd /opt/np-live

Add the following config to local-settings.yml (indented as shown below; YAML indentation must use spaces, not tab characters):
networks:    
  NP-Live_external:  
    external: true

Replace all instances of the default network in docker-compose.yml to NP-Live_external:
sudo sed -i 's/- default$/- NP-Live_external/g' docker-compose.yml

Stop and start the app:
sudo sh ./stop_NP-Live.sh && sudo sh ./start_NP-Live.sh

Note: Docker commands (and the start/stop NP-Live scripts) require sudo unless you are the root user or your user is part of the docker group.

Version mismatched between two compose files : 3.4 and 3.1

When starting NP-View Server, if this error is received, the version number in /opt/np-live/local-settings.yml needs to be at “version: ‘3.4’”. If not at version 3.4, please replace the contents of the local-settings.yml file with the code listed in the Setting the NP-Live Virtual Appliance Time Zone section and set your application time zone accordingly. This file is sticky and will remain after future upgrades. After the update, start the server using the above command.

Upon initial start, the Welcome screen shows the configuration wizard to guide the Administrator through the remaining configuration steps which include:

  1. Authentication
  2. Licensing
  3. Users

Configure Authentication

The following authentication options are available to configure in NP-View Server.

  • Active Directory / LDAP
  • Radius
  • Local

Active Directory or LDAP

For Active Directory or LDAP authentication we use LDAPv3 TLS over port 389.  If the communication returns an exception, we attempt unencrypted communication. We do not support LDAPS.  Before starting, note that setup requires a dedicated Credential Binding Account (LDAP Administrator). The Credentials Binding Account must be included in at least one of the system groups for NP-View Server to query and link the users.

An example of a properly configured LDAP screen on NP-View is below:

The setup page will allow for the definition of three system groups using a Distinguished Name.  A Distinguished Name (often referred to as a DN or FDN) is a string that uniquely identifies an entry in the Directory Information Tree. The format of a DN is: CN=groupname,OU=grouptype,DC=subdomain,DC=example,DC=com.  Your domain needs to match the DC specified in your DN. For an example DN like above, the domain would be: ‘subdomain.example.com’.

For example:

ldap_group_admin = 'CN=NP-Live Admin, OU=Permissions, DC=ad, DC=np, DC=test'
ldap_group_write = 'CN=NP-Live WorkspaceAdmin, OU=Permissions, DC=ad, DC=np, DC=test'
ldap_group_read = 'CN=NP-Live Viewer, OU=Permissions, DC=ad, DC=np, DC=test'

group_translation = {'Administrator' : ldap_group_admin,
'WorkspaceAdmin' : ldap_group_write,
'Viewer' : ldap_group_read}

Reminder:   The three CN names must be unique or roles will be overlapped in NP-View resulting in features being disabled.
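One way to check the three group DNs before entering them in the setup page, as an added example rather than NP-View's own code: it verifies the two rules stated above (unique CNs, and DC components that match the domain). The function names and the faulty sample mapping are constructed for illustration; the first mapping reuses the DNs shown on this page.

```python
# Added example: pre-flight check for the three NP-View LDAP group DNs.
ROLES = ("Administrator", "WorkspaceAdmin", "Viewer")


def split_dn(dn):
    """Split a DN into (ATTRIBUTE, value) pairs.

    A backslash-escaped comma stays inside its value. Multi-valued RDNs
    ("+") and hex escapes are not interpreted; they are kept verbatim.
    """
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))

    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed DN component {part.strip()!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns


def domain_of(rdns):
    """Join the DC components in order: DC=ad,DC=np,DC=test -> ad.np.test."""
    return ".".join(v for a, v in rdns if a == "DC").lower()


def check_group_mapping(group_translation, domain):
    """Return a list of problems; an empty list means the mapping is consistent."""
    problems, cn_owner = [], {}
    for role in ROLES:
        dn = group_translation.get(role)
        if not dn:
            problems.append(f"{role}: no group DN configured")
            continue
        try:
            rdns = split_dn(dn)
        except ValueError as exc:
            problems.append(f"{role}: {exc}")
            continue
        attr, cn = rdns[0]
        if attr != "CN":
            problems.append(f"{role}: DN should start with CN=, found {attr}=")
        key = cn.casefold()  # CN matching in the directory ignores case
        if key in cn_owner:
            problems.append(f"{role}: CN {cn!r} is already used by {cn_owner[key]}")
        else:
            cn_owner[key] = role
        if domain_of(rdns) != domain.strip().lower():
            problems.append(
                f"{role}: DC components give {domain_of(rdns)!r}, expected {domain!r}"
            )
    return problems


# The DNs from the example on this page.
PAGE_MAPPING = {
    "Administrator": "CN=NP-Live Admin, OU=Permissions, DC=ad, DC=np, DC=test",
    "WorkspaceAdmin": "CN=NP-Live WorkspaceAdmin, OU=Permissions, DC=ad, DC=np, DC=test",
    "Viewer": "CN=NP-Live Viewer, OU=Permissions, DC=ad, DC=np, DC=test",
}
# Constructed faulty input: Viewer reuses the Administrator CN and sits in another domain.
BAD_MAPPING = dict(
    PAGE_MAPPING, Viewer="CN=np-live admin, OU=Permissions, DC=corp, DC=np, DC=test"
)

if __name__ == "__main__":
    for name, mapping in (("page example", PAGE_MAPPING), ("constructed faulty", BAD_MAPPING)):
        issues = check_group_mapping(mapping, "ad.np.test")
        print(name, "->", issues or "OK")
```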

To find the DN on Windows, open a Windows command prompt on your Active Directory server and type the command: dsquery group -name "known group name".

Users assigned to NP-View must login once to get setup within the NP-View database for sharing and transferring of workspaces.  No users exist until after the first login.

Troubleshooting Active Directory Setup

If an error is returned when configuring Active Directory, the steps to troubleshoot are:

Step 1: From your Active Directory server, type the command below in a terminal after replacing the “CN=…” portion with the Distinguished Name of the group you’d like to check:

dsget group "CN=groupname,OU=grouptype,DC=subdomain,DC=example,DC=com" -members

Verify that the output shows the expected list of user(s) in that group. If it doesn’t, check your Active Directory group and user configuration.

Step 2: From your Active Directory server, type the command below in a terminal after replacing the “CN=…” portion with the Distinguished Name of the group you’d like to check, and also replacing USERNAME with your actual username:

dsquery * -Filter "(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=groupname,OU=grouptype,DC=subdomain,DC=example,DC=com)(sAMAccountName=USERNAME))"

If the output is empty, verify that your user in Active Directory has the attribute sAMAccountName set. If not, set it and try the command again. Verify also that the sAMAccountName value matches your AD username value. You can also try to enter the username in the NP-View Active Directory configuration form with the format USERNAME@DOMAIN.

If the output shows the expected list of groups for that user, but NP-View still generates an error, then contact the NP support team.

Radius

Radius authentication requires your server address and secret. Once input, the user can test their connection using their personal login credentials for verification.  Note that for Radius authentication, all users are assigned to the Administrator group.


Local Authentication

NP-View Server provides an internal mechanism for the administration of users.  During setup, the screen will require the user to setup the Administration account by inputting a user ID and password.  This account will be assigned to the Administrator role and will have access to all system features. An example of a properly configured Local Auth screen on NP-View is below:

User Management

NP-View Server provides a User Management function for users assigned to the Administrator role. It can be accessed in the user menu at the top right of the screen either on the workspace page or from within a workspace.

User Management – Active Directory or LDAP

Clicking User Management will open a window that shows the LDAP setup information. The left half of the screen allows the user to change the NP-View LDAP settings.  LDAP Auth credentials are required to update the information.  The optional email field override is used as the default email address for the Notification Manager if no email address is provided as part of the LDAP credentials.

The right half of the user management screen allows for the testing of each LDAP user and will retrieve their LDAP settings for review.

User Management – Local Authentication

Clicking User Management will open a window that shows the user related information associated with this account, their account details, and their account permissions.

From this window Administrators can edit (pencil icon), delete (x icon) or add user accounts (create new user button).

A user’s ID should be the user’s email address (this will be used for notifications), paired with an administrator-defined password. Each user will need to be assigned to a role which will provide the user with system wide access.

  1. Administrator – Has access to all users, workspace and system administration functions including managing users and license functions.
  2. WorkspaceAdmin – Has access to all workspace administration functions.
  3. Viewer – Has read only access to the system.

Reset Authentication

The Administrator can also reset the authentication method entirely by selecting the “Reset authentication system” link. “Reset authentication” only resets the authentication and does not remove any workspaces or data. Note that workspaces are assigned to user IDs. If the authentication method (or user ID format) is changed, the workspaces will no longer be available to users. The administrator or workspace admin must utilize the transfer workspace function to assign the legacy workspaces to the new user IDs.

Password Reset

  • Workspace Admin or Viewer user groups:  Contact your Administrator who can manually reset your password through the User Management function on the system menu (upper right corner).
  • Admins: connect through SSH to the NP-View server and remove the file db/auth_provider.cfg inside the NP-View application folder (by default: /opt/np-live).
  • Refresh the NP-View web page to show the Welcome screen and reconfigure the authentication.

License and Terms

The Administrator can Show, Upgrade or Renew their license. Licensing terms and legal disclosures are available from the system menu where user management is found.

Configure License Key

After the authentication, the Welcome screen will guide the Administrator through reviewing the EULA and adding the license key. The license key should have been sent to you by email and also posted on the Network Perception portal. If you haven’t received a key, please send a request to support@network-perception.com. Renewed or upgraded license keys can only be installed from the home screen (not from within a workspace) by members of the Administrator group.

Additional Configuration Features

Configure Automatic Updates

NP-View Server can automatically download new releases and update itself if you select “Automatically check for updates”.  Alternatively, you can select “Update NP-View” from the upper right menu or update offline using the following steps:

  1. Download the latest release from the Network Perception portal.
  2. Copy the release file to the NP-View Server using SCP or WinSCP
  3. Connect to the NP-View Server shell using SSH and execute the release file with the command sudo sh NP-View_server_installer.sh

Configure Shutdown and Startup Options

To speed performance on startup, NP-View terminates background processes that are running when the system is gracefully shut down and clears out all tasks and jobs. If any processes remain upon startup, they are also terminated. To change the configuration:

  • stop the NP-View Server application.
  • in the docker-compose.yml file for the manager change cancelTasksStartup=True to cancelTasksStartup=False
  • in the docker-compose.yml file for the manager change clearRqStartup=True to clearRqStartup=False. Note that the previous setting must also be set to True for this operation to work.
  • start the NP-View Server application.

Configure User Timeout

The system can be configured to automatically time out a user after a period of idle days. The default is set to 30 days. To change the configuration:

  • stop the NP-View Server application.
  • in the docker-compose.yml file for the webserver\environment service, change sessionLengthDays=30 to any positive floating point number representing elapsed days. For example:
    • 0.5 = 12 hours
    • 1.5 = 36 hours
    • 30 = 720 hours
    • If set to 0, user timeout will default to 30 minutes.
  • start the NP-View Server application.

Timeout for connectors is 1 day and cannot be changed. Also, the timeout value is not static and will be overwritten by the next software update. Prior to restarting after an update, the timeout needs to be reset to the value of choice.

Configure Devices within a Custom View

The system can be configured to allow for more devices within a custom view.  The default is set to 25 devices. To change the configuration:

  • stop the NP-View Server application.
  • in the docker-compose.yml file for the
    • services : manager : environment, change devCountLimit=25 to a positive integer.
    • services : bgmanager : environment, change devCountLimit=25 to a positive integer.
    • services : webserver : environment, change devCountLimit=25 to a positive integer.
  • start the NP-View Server application.

Note: The limit is not static and will be overwritten by the next software update. Prior to restarting after an update, the limit needs to be reset to the value of choice. Note: NP has only tested the system to the default limit. Raising the limit is at the user’s risk as unintended consequences including data loss and the system exhausting system resources may occur.
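The notes under Configure User Timeout and Configure Devices within a Custom View both say the edited values are overwritten by a software update. A drift check to run after an update and before restarting, written as an added example and not NP-View's own tooling; the list-style `- KEY=value` layout of docker-compose.yml and the sample file contents are assumptions, since the page does not show the file.

```python
import re

# Assumed layout (the page does not show the file): settings are list entries
# such as "- devCountLimit=25" under services -> <service> -> environment.
KEY_LINE = re.compile(r"^\s*([A-Za-z0-9_.-]+):\s*(#.*)?$")
ENV_ENTRY = re.compile(r"""^\s*-\s*["']?([A-Za-z_]\w*)=([^"'\s#]*)""")


def read_env_settings(compose_text):
    """Return {service: {setting: value}} for KEY=value entries under services."""
    settings, in_services, service, service_indent = {}, False, None, None
    for line in compose_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip(" "))
        if indent == 0:  # a top-level key opens or closes the services block
            in_services = line.split("#")[0].strip() == "services:"
            service, service_indent = None, None
            continue
        if not in_services:
            continue
        key = KEY_LINE.match(line)
        if key:
            if service_indent is None:
                service_indent = indent  # first key under services is a service name
            if indent == service_indent:
                service = key.group(1)
                settings.setdefault(service, {})
            continue
        entry = ENV_ENTRY.match(line)
        if entry and service is not None:
            settings[service][entry.group(1)] = entry.group(2)
    return settings


def session_timeout_hours(value):
    """Effective idle timeout per the page: days * 24, and 0 means 30 minutes."""
    days = float(value)
    if days < 0:
        raise ValueError("sessionLengthDays must not be negative")
    return 0.5 if days == 0 else days * 24


def find_drift(compose_text, desired):
    """Compare desired {(service, setting): value} with the file; list mismatches."""
    actual = read_env_settings(compose_text)
    drift = []
    for (service, setting), want in sorted(desired.items()):
        have = actual.get(service, {}).get(setting)
        if have != str(want):
            drift.append((service, setting, str(want), have))
    return drift


# Constructed sample: a compose file as it might look after an update
# has restored the defaults named on this page.
AFTER_UPDATE = """\
version: '3.4'
services:
  manager:
    environment:
      - devCountLimit=25
      - cancelTasksStartup=True
      - clearRqStartup=True
  bgmanager:
    environment:
      - devCountLimit=25
  webserver:
    environment:
      - devCountLimit=25
      - sessionLengthDays=30
networks:
  default:
"""

# Constructed site policy: 40 devices per custom view, 12-hour idle timeout.
DESIRED = {
    ("manager", "devCountLimit"): 40,
    ("bgmanager", "devCountLimit"): 40,
    ("webserver", "devCountLimit"): 40,
    ("webserver", "sessionLengthDays"): 0.5,
}

if __name__ == "__main__":
    for service, setting, want, have in find_drift(AFTER_UPDATE, DESIRED):
        print(f"{service}.{setting}: file has {have}, site policy wants {want}")
    current = read_env_settings(AFTER_UPDATE)["webserver"]["sessionLengthDays"]
    print("effective idle timeout (hours):", session_timeout_hours(current))
```

Values are compared as strings, so write the desired value exactly as it should appear in the file.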

Configure A Static IP Address on your Linux Server

To set a static IP address for your NP-View Server, follow the instructions in this document.

Updating NP-View Server

This section describes how to update the NP-View Server application and the underlying components if the OVF was used for the initial installation.

Updating the NP-View Server Application

To update an existing NP-View Application, the steps are:

  1. Download the latest Linux Installer release (not the .OVF) from the Dragos Portal and copy it onto your NP-View server using SCP (or WinSCP from a Windows client)
  2. Login onto the NP-View server using SSH (or Putty from a Windows client)
  3. Get root permissions using the command: sudo -i
  4. Prior to installing the new version, it is recommended to make a backup of your database (see below)
  5. Execute the new NP-View release file using the command: sh NP-View_installer.sh  (where NP-View_installer.sh is the name of the new release file downloaded in step 1).
  6. Follow the guided steps of the installer, which will automatically start NP-View once the update is complete.
  7. Connect to the user interface of NP-View using your web browser and check in the bottom-left corner of the home page that the version number matches the new release

Updating the NP-View Application to version 5 and above

Prerequisites

  • Please update your current version of NP-View to version 4.3.5. Both Server and Desktop must be on this version before starting your upgrade.

For NP-View Server:

  • Verify there is sufficient disk space for the upgrade (3x size of Redis db).
  • If not, follow the log cleanup procedure listed in the KB (~250MB possible).
  • If still insufficient space, disk space will need to be added before upgrade.
  • Verify all users are logged out of the system to not lose data during update.

Back-Up NP-View database

NP-View Desktop

  1. Copy the 4.3.5 database folder to a safe location. This will allow you to keep a backup of 4.3.5 in case you want to revert to 4.3.5:
    • C:\Users\<name>\AppData\Roaming\NP-View\db
  2. Download NP-View from the portal and install.
  3. Starting the application may take longer than usual as a one-time database maintenance operation is being performed.

NP-View Server

Option 1:

  1. SSH as the root user to Terminal of NP-View server
    • ssh root@<ip-of-guest-os>
    • If needed sudo -i or sudo su will give you admin privileges once you are logged in.
  2. Move to the NP-View (np-live) app directory
    • cd /opt/np-live
  3. Stop NP-View
    • sh ./stop_NP-Live.sh
  4. The db directory contains all of the NP-View data. Create a tarball of the directory
    • tar -czf np-view-v4.3.5-db-backup.tar.gz db
  5. Move the file to a safe location.
    • Note: This file will allow you to revert back to 4.3.5.

Option 2 (This option is only available if your server is a VM):

  • Your server admin can take a snapshot image of the server as a restore instance. This tends to be easier and quicker for most of the customers that we have worked with.

Once you have a backup and have updated to 4.3.5, please download version 5+ and follow the instructions listed in the above section "Updating the NP-View Server Application".

NP-View Server Migration

Prerequisites

  • Follow the instructions above to update the NP-View CentOS server to the latest NP-View version.
  • Create a VM using the latest version of the NP-View Server OVF.
  • Both Servers need to be running to perform the migration.
  • Users should be logged out of NP-View and close any active session before restoring.

CentOS Migration to Ubuntu for NP-View Server

  1. Use backup and restore script.
    • sudo -i (This should take you to the root folder)
      • Enter credentials if prompted.
    • To run shell script: /opt/NP-Live/NP-View_backupand_restore.sh
      • There will be 3 options when using the script.
        • Backup
        • Restore
        • Exit
    • The script will check disk space when creating the backup.
    • The script will notify you if the storage is full and stop running.
  2. Move the CentOS tar file to the Ubuntu server’s root directory.
    • sudo -i (This should take you to the root folder)
    • Enter credentials if prompted.
    • To run shell script: /opt/NP-Live/NP-View_backupand_restore.sh
      • Select restore
      • The script gives a final warning before running.
      • The script checks if the docker containers are running.
  3. Once the script is completed it will notify you.
    • Connect to the web interface and verify data is transferred.
    • If you are unable to connect to the web interface restart NP-View service once the upgrade is complete.

Get Version API call

To check the version, update your server URL to the following:

https://<np-view_server_address>/version

Backing up the NP-View Server Database Manually

  1. Stop the NP-View Server (you can use the script /opt/np-live/stop_nplive.sh)
  2. From the NP-View Server folder (by default: /opt/np-live/), run the command: tar -zcf db_backup_$(date '+%Y_%m_%d').tgz db (this command may take a few minutes to complete)
  3. Run the new release installer, which will update the containers and then launch NP-View Server

Updating Linux Ubuntu and Docker

(Version 5 and up installation with the OVF)

We will be providing update packages for Ubuntu and Docker. Please go to the following page for more information:

https://www.network-perception.com/kb/ubuntu-and-docker-update-packages

Updating Linux CentOS Ubuntu and Docker

CentOS is now EOL as of June 30, 2024. We highly recommend that customers transition to Ubuntu.

If the OVF was used for the initial installation, that package included the CentOS 7 operating system and Docker. These applications must be updated separately from the NP-View Server Application using the below instructions. The instructions cover NP-View Servers that have internet access and those that do not have internet access.

Updating when the NP-View server has internet access:

– stop NP-View
cd /opt/np-live/
./stop_NP-Live.sh

– run all updates
yum update -y

– reboot server
reboot

Updating when the NP-View server does not have internet access:

If NP-View server is installed in an environment that does not have internet access, a separate Centos 7 server with Docker that has internet access is required to create the update package. All commands below are case sensitive.

Network-Perception uses this mirror for CentOS updates and this mirror for Docker updates

Centos 7 that is online:

– make sure you are root
sudo su -

– create packages directory
cd /root/
mkdir packages
cd packages

– download all packages
yum list installed | awk '{print $1}' | tail -n +3 | xargs yumdownloader

– you should see docker included in the output list.

– compress archive (capital -C is important)
tar czf /root/packages.tar.gz *.rpm -C /root/packages/

– Copy packages.tar.gz to the offline server. The user can use the below command to scp:
scp packages.tar.gz root@ipAddress:/root/

Centos 7 that is offline running NP-View:

– make sure you are root
sudo su -
– stop NP-View
cd /opt/np-live/
./stop_NP-Live.sh

– create directory and extract the archive
cd /root/
mkdir packages/
mv packages.tar.gz packages/
cd packages/
tar -xf packages.tar.gz

– install all updates:
yum -y localinstall *.rpm

– reboot server
reboot

– now everything is up to date on the offline server.

If you get any docker swarm errors:

– make sure you are root
sudo su -

– leave and join swarm cluster
docker swarm leave --force && docker swarm init

Product Tutorials

Change Management

Change Management provides the Compliance Team (Compliance Officer, Compliance Analysts) with capabilities that allow for:

  • Transitioning from point-in-time risk assessment to 24/7 with automated notification.
  • Automating the change review process using ticketing system integration and sandboxing.
  • Leveraging “time machine” to navigate through the network evolution and compare points in time.

Transition to 24×7 Monitoring

Connectors facilitate the configuration of connections to poll devices on a schedule, importing the latest configurations for analysis and automatically analyzing the information within selected workspaces to identify changes and potential risks.


Automated change review process

Change tracking automatically records configuration changes and provides the user with the ability to review changes made to the system and review the potential impact of the changes.


Network risks related to configuration changes are identified by best practices and user defined rules in the Policy manager.  When a potential risk is identified, it is logged in the “Risks and Warnings” table and assigned a criticality (High, Medium, Low) based on the identifying policy.

Notifications allow users to setup notifications based on complex rules and to have those notifications delivered to multiple services on a schedule to email, syslog or ticketing systems. Notifications can be triggered by configuration changes or network risks.


The Network Sandbox is an isolated workspace that aids network engineers and infrastructure managers with the evaluation of proposed changes to system configurations, operating system upgrades or hardware replacement without affecting the production network. Our network modeling platform provides the ability to evaluate proposed changes to network devices by importing modified configuration files, evaluating the changes against policies, best practices, and regulations, and reporting on risks and vulnerabilities. Additionally, changes can be reviewed and compared, paths and connectivity can be analyzed, compliance reports can be run and reviewed.

Comparison Analysis

Tracking changes over time provides a rich data source for analysis.  Comparison Analysis allows the user to review two points in time to identify changes across the system including assets, rules, objects, and paths.


Vulnerability Prioritization

Vulnerability Prioritization provides the Network Security Team and Compliance Team with capabilities that allow users to:

  • Align network architecture understanding and break silos through a single pane of glass
  • Train first responders and harden defenses via realistic attack scenario simulation
  • Prioritize vulnerability mitigation faster

Network Architecture Understanding

Monitoring for indicators of compromise allows organizations to better detect and respond to security compromises. When the security team discovers a potential compromise, NP-View can assist with incident response by quickly identifying critical paths to the compromised system.

For example, critical host H-192.168.1.103-32, a database server on the network, is experiencing increased reads.

Train First Responders

Users can be trained to use NP-View to quickly assess the situation. NP-View shows each host with the inbound and outbound paths. In this example, the inbound port, 443, is the likely target for the increased database activity.

The topology map displays the 5 connectivity paths using this port.

Prioritize Vulnerability Mitigation

Stepping stones are hosts in a network which could be compromised and used by malicious attackers to perform lateral movements. Attackers hop from one compromised host to another to form a chain of stepping stones before launching an attack on the actual target host.

Using the stepping stone analysis, the security team can quickly identify the paths of concern and the number of steps away from the compromised system or other important assets and can quickly prioritize a remediation plan.

Videos and Webinars

Tutorials

Webinars

Learn how NP-View can be leveraged to improve your compliance and security workflows through our collection of webinars.

  • Webinar #1: Using NP-View at Home & Remote Network Access Verification
  • Webinar #2: NP-View Workflow for NERC CIP Audit
  • Webinar #3: How to Efficiently Organize & Update your NP-View Projects Over Time
  • Webinar #4: Towards Continuous Compliance with NP-View Server
  • Webinar #5: NP-View Use Cases Beyond NERC CIP Audit
  • Webinar #6: Cyber Resiliency: Thinking Differently about Cybersecurity

Feature Documentation

Network Visualization - Layer 2

This section describes extended support for Layer 2 devices in NP-View. This support was added in 6.0.1.

Layer 2 visibility

This feature adds baseline support for Layer 2 visibility.

Supported devices:

  • Cisco IOS
  • Cisco ASA

In addition to the layer 3 information inferred from ARP and Route tables, NP-View imports MAC and Interface tables to begin to support layer 2 interfaces. This data is automatically collected by the supported device connectors. Route and Interface data is loaded with the configuration file, while the ARP and MAC data can be added independently to views as auxiliary data.

If loading data manually, load only one configuration file at a time and include all auxiliary data on the same import for proper file association.

Layer 2 Capabilities:

  • Control the map from Topology Settings to display or hide Layer 2 Nodes / Links.
  • Control the map to expand or collapse Layer 2 Networks and attached hosts.
  • Search function to locate, highlight, and open the info panel of a Layer 2 node.
  • View VLAN information on the node info panel.
  • View Layer 2 / VLAN data in the interface table.

Layer 2 connections are represented by a blue dotted line to a gateway.

To see the Layer 2 details, enable the 'Show Layer 2 Connections' from the topology settings.

Once enabled, Layer 2 networks will be displayed as teal clouds. Hosts / endpoints will be displayed as classic hosts.

Endpoints defined from Layer 2 communications will display the MAC Address where Layer 3 hosts will display a hostname or IP address. Only Layer 2 endpoints with an IP address will be considered verified.

Clicking on the endpoint will display the info panel with the addition of the new VLAN section.

Note that Layer 2 topologies can get very complex very quickly.

Limitations:

  • Duplicate L2 and L3 networks and endpoints may occur if there is no data tying them together.
  • Layer 2 from Layer 3 can add a lot of data to the topology making navigation and topology save slower than usual.
  • Path analysis does not apply to Layer 2.

Layer 2 connections manually-populated, user-generated files

There are cases where not all devices have a configuration file. This is common in Layer 2 switches. This feature adds baseline support for Layer 2 visibility using manually generated files.

Adding a Layer 2 Switch

The text file can be used to create a Layer 2 switch in NP-View.  This switch can be used in conjunction with the common data model file outlined below to add layer 2 devices and connected nodes to the topology.

Following is an example of the data that can be in the file. The text file should be a properly formatted YAML ending with .YAML or .YML or it won’t be classified correctly and the import will fail. Note that each manually created switch will use a device license.

The imported device will be interpreted as a layer 2 switch by the system. Be sure to not use special characters within the device name or the interface names. Stick with alphanumeric characters, underscores can be used as shown below.

# This first line must be present, and the identifier must be np_custom_device 
file_identifier: np_custom_device 
# The name of the device, will be represented as such in the app 
device_name: custom_l2_switch 
# Vendor string, merely a description of the device 
vendor: netgear 
# A list of interfaces on the device, you need at least one interface 
interfaces: 
  - name: eth0 
    mac_addr: 0000:1b2b:fefe 
    ip: 192.168.1.100 
    netmask: 255.255.255.0 
  - name: eth1 
    mac_addr: 0101:acdc:80ba 
    ip: 192.168.2.100 
    netmask: 255.255.255.0 

When the above .YAML file is loaded into NP-View, the following device will be displayed in NP-View.

With the following interfaces:

Adding Layer 2 Connectivity

To add layer 2 connections to any device, an Excel file, referred to as the Common Data Model or CDM, can be created to add endpoints and connections to NP-View.

The format for the CDM is as follows:

Coming Soon

Limitations:

  • If the user makes input errors, the system will display what they typed.
  • Users need to verify that the topology represents the data as they expect it. There is no way for NP-View to know the data is incorrect.
  • This function allocates licenses to Layer 2 devices; if the user mistypes the device name, licenses will still be used.
  • Duplicate L2 and L3 networks and endpoints may occur if there is no data tying them together.
  • No rules, objects or paths will exist for L2 switches.

Notification Manager (Server)

Notification manager is used to configure services and rules for generating and sending system notifications about Workspaces. Select the system menu (top right corner) and then “Notification manager” to display the Notifications menu:

Configure Services

Before rules can be configured in notification manager, the administrator is required to configure at least one notification service. Services include: e-mail, STIX/TAXII, SIEM (Syslog), and select ticketing systems.

  • SMTP configuration requires a server IP address, communication port, user id and password.  Note that a firewall port may need to be opened for NP-View to communicate with your SMTP server.
  • Syslog configuration requires a server IP address and a communication port.
  • ServiceNow configuration requires a server address, user name and password.
  • TAXII configuration requires a server address, server port, data path and a destination collection name.

Service configuration can be found under “Notification manager -> Configure Services” tab.

Additional Email Configuration Details for LDAP/AD

When connected to LDAP or Active Directory, the user’s email addresses are extracted from the authentication server. They are typically stored within the LDAP/AD email field. The test button will pull the LDAP/AD information for inspection. If a field other than email is used, the field name should be added to the LDAP setup page replacing the default “email”. If the email field is missing, please contact your system administrator to have the email field added and populated for each user who wishes to receive automated notifications.

If your email server requires authentication to send emails, we recommend using a service account with a non-expiring password or notifications will stop sending when the password expires.

Add/Edit Rules

NP-View can automatically send information to the configured services for changes and activities impacting your workspaces. Select the system menu and then “Notification manager -> Add/Edit Rule” to setup rules.

Rules can be set to choose which activities and events are included in notifications.  When configuring the notification rule, the user will select a service to deliver the notification to, the workspace(s) to be monitored and frequency the report should be delivered.

Notification frequencies are:

  • Instant
  • Hourly
  • Daily
  • Weekly
  • Monthly

After that, the criterion for generating the report is selected. Activity types include:

Activity type | Activity status | Activity Severity
Risk alerts | New, Confirmed, Fixed, False positive, Will not resolve | Low, Medium, High
Warnings | New, Confirmed, Fixed, False positive, Will not resolve | Low, Medium, High
Errors | New |
Comments | New | Low, Medium, High
Change events | New |

For each activity type, one or more activity statuses or activity severities can be selected, and the notification rule can be filtered by keywords.

Finally, the output can be sanitized to remove IP addresses and saved in the database for future viewing.

Note: If the save in database box is not checked, the report will not be viewable on the Your Reports tab.

Click Save Rule to save your configuration.

Your Rules

Once rules are created, they appear on the “Your Rules” tab. This tab shows each rule created. Workspace Admins can only see their own rules, and Administrators can see all users’ rules. From this tab, users can edit, delete or copy a rule.

Your Reports

Once rules are triggered and the “save for future viewing” function is active, a summary of each report generated will be displayed on the reports tab. The Workspace Admin can see and delete their own reports, and the Administrator can see and delete all users’ reports.

Object Groups Report

This article will focus on the Object Groups Report.

NP-View uses reports to present network information related to the open workspace.  These reports are available to all users and can be accessed from the main menu. For more information visit the Workspace Reports Overview article.

Object Groups – Defined

  • Object Groups classify users, devices, or protocols into “groups” and apply those groups to Access Control Lists (ACLs), to create access control policies for those groups.
  • The Object Groups report provides a summary of Network ACL Object Groups.
  • These object groups may include: Host IP addresses, network address of group members, and nested object groups.
  • Objects consist of several types including Address, Service, Binding, Interface, and Zone.

The Object Groups Report can be accessed in two ways. Each way presents a different data set.

  1. From the main menu, the table will populate with all objects for all devices in the workspace, including globals.
  2. From the topology, when clicking a Firewall/ Router/ Switch – its info panel will open – and the user can select Object Groups from the Data for this Device section. Only the objects for the selected device will be displayed in this case.

Network Management System:

When data is loaded from a firewall vs Network Management system, the listing of object groups for addresses may vary.

  • When viewing data from a network management system, globally defined groups may be available.
  • When the data is loaded from the firewall, the global addresses may be presented as local addresses.

What Data is Present?

The list below the image details the data types available in the Object Groups Report.

Object Groups Columns

  • Change Status: used in comparison mode to reflect added, unchanged and removed objects.
  • Comment: (Author, Criticality, Date) User entered comments (or justification) and criticality levels (low, medium, high).
  • ID: NP object identifier
  • Internal: NP object identifier
  • Luid: NP object identifier
  • Name: (OBJECT_NAME) Name of the object group which may include:
    • Any IP address–includes a range from 0.0.0.0 to 255.255.255.255
    • Host IP addresses
    • Hostnames
    • Other network object groups
    • Ranges of IP addresses
    • Subnets
  • Object ID: Value for linking rules to comments. This column must be displayed when exporting the object table for enrichment and reimport.
  • Origin: (OBJECT_ORIGIN) Name of the device containing the object definition
  • Type: (OBJECT_TYPE) Address, Service, Zone or Protocol
  • Unused Status: (OBJECT_STATUS) Cisco, Juniper and Fortinet status column which defines if the object is not used. True = Unused.
  • Value: (OBJECT_VALUE) Content of the object group

Table Actions

A number of actions can be taken in the Object Groups report; some are specific to Object Groups, others are universal to all Reports.

  • Overflow Data: When there is more data in a Cell than can be presented in a column, the overflow data can be accessed by clicking the + icon in the cell.
  • Object Group Details: The name column will show related object data details within the + popup.
  • Columns can be displayed or hidden using the hamburger menu in the upper right corner of the report.
  • Changes to the menu are automatically saved.
  • Additionally, the table can be exported as displayed, with comment history or with object groups.
  • Only visible columns will be displayed.
  • Columns can be sorted, rearranged or resized and changes will be automatically saved.
  • Column filters can be displayed.
  • Filters applied to the table or column will automatically be saved.
  • Filters can be reset from the hamburger menu.

Comments

NP-View provides a simple and easy way for users to add comments to Object Groups, and to track the historical lineage of these comments in a workspace. Comments can be added or viewed, but for integrity purposes they cannot be edited or deleted by users. If an Object Group is changed or removed from the system, the group and associated comments will be removed from the Object Group table.

Adding a Comment: Comments can be added to a row by double-clicking on the cell in the column “Comment”.  Comment text and status can be added and then saved with the save button. Once the comment is saved, the author and time stamp are automatically inserted.

Comment History: Additional comments can be added to a row to begin creating a lineage or history of comments. This history will be automatically available when more than one comment exists on a row and can be expanded by clicking the blue clock icon on the leftmost column of the table. If there is no history the icon will be disabled.

When viewing history, changes between lines are highlighted in blue.

Example: If Comment 1 is: “Check This” – ‘medium’ and Comment 2 is “Check This” – ‘low’ the criticality cell would be highlighted because there was a change – the comment text would not be highlighted because it remained the same.

Object Groups Hash

Object groups are uniquely tagged (Object ID) within NP-View for linkage to comments. More info in the expanded section below.

Object Group Hash

Object groups are uniquely tagged (Object ID) within NP-View for linkage to comments. The tag (hash) is calculated based on a combination of the following data fields. Available data varies by manufacturer, so some fields may not apply to specific manufacturers. Most of the fields below are defined above; fields unique to the hash are documented below.

If any of the data in these fields changes, the tag will change and previously linked comments and metadata will no longer be associated with this object.

  • OBJECT_NAME
  • OBJECT_TYPE
  • OBJECT_ORIGIN
  • OBJECT_VALUE
  • OBJECT_STATUS
  • OBJECT_TAG

Additional Features

  • The Compare button invokes a time series comparison function for the report.   Additional details on this function can be found here.
  • Comments can be imported from an Excel file.  Additional details on this function can be found here.
  • Conditional formatting can be applied to this table report.  Additional details on this function can be found here.

Comparison Report

Access Rules and Object Groups have a Compare function to show historical differences in data that has been added or removed. The function can be engaged by clicking the “Compare” button located at the top of the page. This function is used to display changes over a period of days.

The user can select a time frame (7, 30, 90 or 356 days or a custom date range). The user can select one or more devices to include in the report and then show the history over the range. Once the parameters are selected, the “Show Comparison” button should be selected.

The comparison function will display all changes (Rule Adds, Rule Removal and Unchanged Rules) for the selected days. The data will be displayed using the column format of the selected table. The user can filter on added, removed or unchanged rules by clicking the jelly bean. Added rules will be highlighted in green, removed rules will be highlighted in red and unchanged rules will be highlighted in light blue.

Clicking the “Compare” button will revert to the normal table but will not clear the selections.

Clicking the “Reset” button will clear the selections and reset the table.

Expanded Object Groups

In the Access Rules table, Source, Destination and Service groups can be expanded to see the group details.  By clicking on the + icon within a cell, the expanded group information can be made visible.

Path Analysis

Through network access modeling, NP-View analyzes all possible connectivity paths in a network based on the firewall, router, and switch configuration files imported. The results are presented in:

  • the Connectivity Paths table,
  • the Compare Path History,
  • the Connectivity Matrix for each device, and
  • the Inbound Connectivity and Outbound Connectivity sections of the info panel for hosts, gateways, and networks.

Path analysis is only available in custom views that have been manually created using the “Manage Views” menu. The default Home view, in which only devices are shown (no network, no end points), does not include a path analysis.

NP-View provides two options for analysis: Internal and Internal + External. Internal analysis computes paths for all the devices and end points within the view. Internal + External analysis includes devices and end points within the view and adds external end points that are listed as unmapped.

By default, new views are created using internal analysis. To include external hosts, select Internal + External from the dropdown.

Please note that the external path analysis will take more time to complete and will return a larger number of paths.

Why are there zero paths identified after analysis

In some workspaces customers are seeing zero paths after analysis.  To understand why, each ‘allow’ rule must be investigated.  In these cases, we found various reasons for not seeing any paths.  Some of these reasons are:

  1. IP addresses of the firewall’s interfaces and of access rules’ sources and destinations do not overlap. Firewall’s interface addresses are in 124.x.y.z IP ranges. However, the source and destination objects for access rules are in 10.x.y.z IP ranges. Therefore, the traffic is dropped at the ingress of the firewall. This could be caused by (1) incorrect config export, (2) incorrect sanitization, or (3) incomplete config.
  2. A zone contains two interfaces (tunnel.1 and tunnel.3), and it is anticipated that the intrazone paths would show up (due to default allow as well as specifically defined access rules). However, those tunnels are destined to gateways that are connected via layer-2 links (in the config). Therefore, our processing of layer-3 paths does not include those cases.
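The first cause above can be checked before import. The following is an added example, not NP-View code: it flags allow rules whose source and destination both fall outside every interface subnet. The data layout, interface names and addresses are constructed for illustration, and routes are not considered, so treat the result as a first-pass triage only.

```python
import ipaddress


def to_network(value):
    """Parse 'any', a host address, or an address/prefix into an ip_network."""
    if value.strip().lower() == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    # strict=False lets an interface address such as 124.10.1.1/24 stand for its subnet
    return ipaddress.ip_network(value.strip(), strict=False)


def matching_interfaces(objects, interfaces):
    """Names of interfaces whose subnet overlaps at least one address object."""
    nets = [to_network(o) for o in objects]
    hits = []
    for name, cidr in interfaces.items():
        subnet = to_network(cidr)
        if any(n.version == subnet.version and n.overlaps(subnet) for n in nets):
            hits.append(name)
    return sorted(hits)


def triage_allow_rules(interfaces, rules):
    """Report, per allow rule, which interfaces its sources and destinations touch.

    A rule is marked 'orphaned' only when neither side overlaps any interface
    subnet, which is the situation described for 124.x.y.z interfaces and
    10.x.y.z rule objects. Deny rules are skipped.
    """
    report = []
    for rule in rules:
        if rule["action"].lower() not in ("allow", "permit"):
            continue
        src = matching_interfaces(rule["sources"], interfaces)
        dst = matching_interfaces(rule["destinations"], interfaces)
        report.append({
            "rule": rule["name"],
            "source_interfaces": src,
            "destination_interfaces": dst,
            "orphaned": not src and not dst,
        })
    return report


def all_rules_orphaned(report):
    """True when every allow rule is orphaned: expect zero paths after analysis."""
    return bool(report) and all(row["orphaned"] for row in report)


# Constructed sample data (not taken from a real configuration).
SAMPLE_INTERFACES = {"eth1": "124.10.1.1/24", "eth2": "124.10.2.1/24"}
SAMPLE_RULES = [
    {"name": "allow-hmi", "action": "allow",
     "sources": ["10.1.0.0/16"], "destinations": ["10.2.0.5"]},
    {"name": "allow-mgmt", "action": "allow",
     "sources": ["124.10.1.0/25"], "destinations": ["10.2.0.0/24"]},
    {"name": "allow-any-dmz", "action": "allow",
     "sources": ["any"], "destinations": ["124.10.2.0/24"]},
    {"name": "deny-all", "action": "deny",
     "sources": ["any"], "destinations": ["any"]},
]

if __name__ == "__main__":
    for row in triage_allow_rules(SAMPLE_INTERFACES, SAMPLE_RULES):
        print(row)
```

If every allow rule comes back orphaned, re-check the config export and sanitization before investigating the path analysis itself.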

Why are there paths with no rule sequences

In some situations, the path sequence field may not be populated due to implied rules from tunnels or security levels. In these situations, the path sequence will be populated with text: ‘Access implied by tunnel or security level’

Why does Path Analysis not create paths for FWs where there are 2 defined default static routes

We use default gateways to route traffic to and from external addresses. In this context, we handle multiple default gateways differently depending on whether the paths are inbound or outbound.

For inbound paths, i.e., from external sources to the internal network, we process all default gateways. We process traffic through every default gateway and generate all paths as the access rules allow.

For outbound paths, i.e., from internal network to external sources, we select only one default gateway. We have implemented a set of rules grounded in routing principles that prioritize one route over others. However, if those rules find no clear winner, we break the tie by picking the route through the interface appearing first in alphabetical order. In any case, we end up picking one default route and generating a warning  message.

Supported Devices & Data

Firewalls, Routers, Switches

The following table is a comprehensive list of supported devices. The instructions provided in the table can be used to manually extract data from the device for import. While we do our best to support the below devices, it is impossible for us to test the parsers with every possible device configuration combination. If errors occur during device import, Network Perception is committed to working with our customers to resolve their specific parsing issues.

Note that Network Perception’s device support policy follows that of the manufacturer. When a manufacturer ends support for a product, so does Network Perception. End-of-support devices are not removed from NP-View but will not be upgraded if issues arise.

Supported Devices with Vendor Partnership

The devices in this list are actively tested in our lab to support the most current versions of the manufacturer software. Network Perception has an active partnership with these vendors for software and support.

Vendor: Check Point
Type/Model/OS: R81 / R81.10 / R81.20 including Multi-Domain Security and Virtual Router support (VRF)
Configuration files needed: We support the database loading using the NP Check Point R80 Exporter (PDF documentation, video). Zip File Shasum: 5d22b182d773c020fd2a58838498b8be8221468e Exporter Tool Shasum: cc3131da37362da1291fa4a77cd8496fcb010596

Vendor: Cisco
Type/Model/OS:
  • ASA Firewall (9.8 and up) including multi-context and Virtual Router Forwarding (VRF).
  • FTD Firewall (7.1.x, 7.2.x)
  • IOS Switch (15.7 and up) including Virtual Router Forwarding (VRF).
  • ISR (IOS-XE 17.6.x and up)
  • We do not support Application Centric Infrastructure (ACI) or NX-OS
Configuration files needed:
For a Cisco IOS device, the sequence would be:
  • enable (to log into enable mode)
  • terminal length 0 (it eliminates the message between screens)
  • show running-config
For a Cisco ASA, the sequence would be:
  • enable
  • terminal pager 0
  • show running-config
For FTD, see additional instructions below

Vendor: Fortinet
Type/Model/OS: FortiGate Firewall, FortiSwitch (FortiOS 7.0.x, 7.2.x)
Configuration files needed: To get a config capture from the CLI using Putty (or some similar SSH) client, here is the process:
  • Turn on logging of the CLI session to a file
  • In the CLI of the FortiGate, issue these commands in sequence:
    • config system console
    • set output standard
    • end
    • show full-configuration
  • Turn off logging

Vendor: Palo Alto
Type/Model/OS: Next Gen Firewall (PanOS 10.x, 11.x) including multiple virtual firewalls (vsys) and virtual routers (vrf). We do not support SD-WAN
Configuration files needed: See additional instructions below

Supported Devices with no Vendor Partnership

The devices in this list are actively tested in our lab to support the most current versions of the manufacturer software.

Vendor | Type/Model/OS | Configuration files needed
Dell – Edge Gateway | Ubuntu Core (IP Tables) | see additional instructions below
Dell – PowerSwitch | OS10 | show running-configuration
Dell – SonicWall | SonicOS (5.9.x, 6.5.x) | “From GUI, Go to Export Settings, then Export (default file name: sonicwall.exp)” see additional instructions below
FS | Switch (FSOS S5800 Series; Version 7.4) | show running-config. Note that FS configs are Cisco-like and not tagged specifically as FS. We do our best to identify the device type but may display the device as Cisco in NP-View
Nvidia | Mellanox (Onyx OS) | show running-config. Note that Nvidia configs are Cisco-like and not tagged specifically as Nvidia. We do our best to identify the device type but may display the device as Cisco in NP-View
pfSense | Community Edition 2.7.2 | Diagnostics > Backup & Restore > Download configuration as XML
Schweitzer | Ethernet Security Gateway (SEL-3620) | SEL Firmware: from “Diagnostics”, click on “Update Diagnostics” and copy the text. OPNsense: from ‘System > Configuration > Backup’ export .XML backup file. Note: IPTables from OPNsense are not supported in NP-View.
Siemens – RUGGEDCOM | ROX Firewall RX1000-RX5000 (2.x) | admin > save-fullconfiguration. Choose format “cli” and indicate file name

Historical Devices

The devices in this list were developed based on customer-provided configuration files. We are no longer actively developing these parsers, but they are supported for break/fix and require customers’ sanitized config files to assist with debugging issues.

Vendor | Type/Model/OS | Configuration files needed
Dell | PowerConnect Switch | console#copy running-config startup-config (instructions)
Nokia | Service Router (SR7755; TiMOS-C-12.0.Rx) | admin# save ftp://test:test@192.168.x.xx/./1.cfg
↳Alcatel-Lucent | Service Aggregation Router (SAR7705; TiMOS-B-8.0.R10) | admin# save ftp://test:test@192.168.x.xx/./1.cfg
Berkeley Software Distribution (BSD) | Firewall (Open, Free and Net; 3 series) | ifconfig -a > hostname_interfaces.txt See additional instructions below
Extreme | Switch (x400, x600; XOC 22.6) | save configuration
Hirschmann | Eagle One Firewall (One-05.3.02) | copy config running-config nv [profile_name]
HP / Aruba | ProCurve Switch (2600, 2800, 4100, 6108) | show running-config
NetScreen | Firewall (ISG, SSG) | get config all
Linux | BSD IP Tables Firewall | iptables-save See additional instructions below
NETGEAR | Smart managed Pro Switch (FS/GS-Series; 6.x) | CLI: show running-config all Web UI: Maintenance > Download Configuration
Siemens | ROS Switch (RSG2-300; 4.2) | config.csv
↳Scalance | X300-400 Switch | cfgsave
Sophos | Firewall (v16) | Admin console: System > Backup & Firmware > Import Export
VMware | NSX Firewall | GET https://{nsxmgr-ip}/api/4.0/edges/ (XML format) Learn more about vCenter and VSX
WatchGuard | Firewall (XTM 3300, XTM 850) | Select Manage System > Import/Export Configuration

Additional Instructions

Collecting Data from the Device Console

Collecting configuration information from the device console can be an easy way to get the device data.

Following the below rules will help ensure success when importing the files into NP-View.

Note that not all data can be retrieved from the console. Please review the section for your specific device for additional instructions.

  1. Run the command from the console.
  2. Copy the text to a plain text editor. Do not use Word or any fancy text editor as it will inject special characters that we cannot read.
  3. Review the file and look for non-text characters such as percent-encoded text or Wingdings-like characters. These will break the parser.
  4. Save the output of each command in a separate file and name it after the device so that NP-View can properly attribute the files. For example: firewall1_config.txt, firewall1_arp.txt, firewall1_route.txt
  5. For Palo Alto files, there are specific naming requirements, please see the Palo Alto section for additional information.
  6. Some config files contain very long strings. Line wrapping due to the window size of the terminal will break the parser. If using a terminal like Putty, please ensure the terminal is set to maximum width.
config system console
set output standard
end

Finally, if you encounter a parsing error when loading the files and want to upload the files to Network Perception using the portal, please sanitize all files at the same time so that we can keep the data synchronized across the files.
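The review in steps 2, 3 and 6 can be scripted. The following is an added example, not part of NP-View: it scans a saved console capture for characters injected by word processors or terminal logging, percent-encoded sequences, and signs of terminal line wrapping. The wrap check is a heuristic with assumed thresholds (80 columns, three or more lines at exactly the longest width), and the sample capture is constructed.

```python
import re
import unicodedata

PERCENT_ENCODED = re.compile(r"%[0-9A-Fa-f]{2}")


def check_capture(text, wrap_width=80, min_wrap_hits=3):
    """Return (line_no, kind, detail) findings for one console capture.

    kind is one of:
      non-text        first non-ASCII or control character on the line
                      (smart quotes, non-breaking spaces, BOM, ANSI escapes)
      percent-encoded first %XX sequence on the line
      possible-wrap   several lines share exactly the longest width, which
                      suggests the terminal wrapped long config strings
    """
    findings = []
    # Split on "\n" only, so unusual separators stay visible to the checks below.
    lines = [line.rstrip("\r") for line in text.split("\n")]
    for no, line in enumerate(lines, 1):
        for ch in line:
            if ch != "\t" and (ord(ch) > 126 or unicodedata.category(ch) == "Cc"):
                findings.append((no, "non-text", f"U+{ord(ch):04X}"))
                break  # one finding per line is enough to send a reviewer there
        match = PERCENT_ENCODED.search(line)
        if match:
            findings.append((no, "percent-encoded", match.group(0)))

    longest = max((len(line) for line in lines), default=0)
    at_limit = [no for no, line in enumerate(lines, 1) if len(line) == longest]
    if longest >= wrap_width and len(at_limit) >= min_wrap_hits:
        findings.append((at_limit[0], "possible-wrap",
                         f"{len(at_limit)} lines are exactly {longest} columns wide"))
    return findings


# Constructed sample capture: line 2 carries smart quotes pasted from a word
# processor, line 3 carries percent-encoded text.
SAMPLE = (
    "hostname fw1\n"
    "set description \u201cuplink to core\u201d\n"
    "set banner Authorized%20use%20only\n"
)

if __name__ == "__main__":
    for finding in check_capture(SAMPLE):
        print(finding)
```

A possible-wrap finding is a prompt to re-capture with the terminal set to maximum width, not proof that the file is broken.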

Berkeley Software Distribution (BSD)

BSD has three firewalls built into the base system: PF, IPFW, and IPFILTER, also known as IPF.

FreeBSD

  • Packet Filtering (PF): Rules located in file /etc/pf.conf
  • IP Firewall (IPFW): Default rules are found in /etc/rc.firewall. Custom firewall rules in any file provided through # sysrc firewall_script="/etc/ipfw.rules"
  • IP Filter also known as IPF: cross-platform, open source firewall which has been ported to several operating systems, including FreeBSD, NetBSD, OpenBSD, and Solaris™. Name of the ruleset file given via command ipf -Fa -f /etc/ipf.rules

OpenBSD

NetBSD

BSD and similar systems (e.g., Linux) will use the same names for interfaces (eth1, eth2, em1, em2, carp1, carp2, etc.). The parser might be confused if the user imports interface files and packet filter configs from different systems at the same time resulting in a combined system instead of individual devices. To prevent this, the user should group all files by host, making sure to name the ifconfig file after the hostname (i.e. host1_interfaces.txt).

Free BSD Example

Below is an example of a 2 host FreeBSD system containing FW1, host1 and host2. The user should import the files in each section as a separate import.

fw1 – first data set import (all available files imported together)

  • pf.conf (required file) (note: can be named differently, e.g., ‘FW1.txt’)
  • obsd_fw1_interfaces.txt (required file) (note that the parser keys on the “_interfaces” string. Text before “_interfaces” will be used to name the device. In this example ‘obsd_fw1’)
  • hostname.carp1
  • hostname.carp2
  • hostname.hvm2
  • hostname.hvm3
  • hostname.hvm4
  • table1
  • table2

host1 – second data set import (all available files imported together)

  • pf.conf (required file) (note: can be named differently, e.g., ‘host1.txt’)
  • host1_interfaces.txt (required file) (note that the parser keys on the “_interfaces” string. Text before “_interfaces” will be used to name the device. In this example ‘host1’)
  • hostname.em1
  • hostname.carp1

host2 – third data set import (all available files imported together)

  • pf.conf (required file) (note: can be named differently, e.g., ‘Host2.txt’)
  • host2_interfaces.txt (required file) (note that the parser keys on the “_interfaces” string. Text before “_interfaces” will be used to name the device. In this example ‘host2’)
  • table1
  • table2

The only required files are the config file (can be named something other than pf.conf) and the ifconfig file. hostname files are optional (unless they contain description of interfaces not in the ifconfig file). Table files contain a list of IP addresses that can be manipulated without reloading the entire rule set. Table files are only needed if tables are used inside the config file. For example, table persist { 198.51.100.0/27, !198.51.100.5 }

Legacy Fortinet Support

Support for Fortinet through 6.2 ended September 2023. Please note that no upgrades to these parsers will be made.

Palo Alto Panorama & NGFW

Panorama

If Panorama is used to centrally manage policies, the access rules and object groups can be retrieved from these devices in XML format (we do not support the import of unstructured text files). If using the Panorama connector, the required files will automatically be downloaded.

The Panorama file will only contain centrally managed access rules and object groups.

Locally defined access rules and object groups cannot be retrieved from Panorama and must be retrieved from each NGFW. Please follow the instructions below to export directly from the Next Gen Firewall using the API.

Palo Alto firewalls will ALWAYS have a vsys; even if one has not been configured, it will default to vsys1.

The “mapping_config” file is required which can only be retrieved through the API using the “show devices connected” command.  The name of the file is “named_mapping_config.xml” where the named prefix needs to match the device name as shown in the UI when the running_config.xml is imported alone. All files should be imported at the same time. Please see instructions below:

The links below point to the Panorama documentation for the required commands, with examples. The links provide commands to run directly in the Panorama CLI. The images we provided are for use with Postman or a web browser.

Get API Key


Get Panorama and device bundle Configuration



Get device mapping config


Once both the “<panorama_server>_running_config.xml” and “<panorama_server>_mapping_config.xml” are gathered, please import them together in NP-View.

Next Gen Firewall (NGFW)

If the PanOS connector is used to download files, the required files will automatically be downloaded.

The configuration information from the NGFW may be contained in several .xml files, <device-name>_merged_config.xml and <device-name>.vsys(n)_pushed_policy.xml.  There can be one vsys file per virtual interface. The naming of these files is important for the parser to merge them during import.  All files from a single firewall must be imported at the same time and in .xml format (we do not support the import of unstructured text files).  If any of the files are missing, improperly named or formatted, an error message will state that ‘File parsed but ruleset and topology were empty, aborting’ meaning they could not be linked to the other associated files.

An example of properly named files is below:

  • Chicago-IL-100-FW1_merged_config.xml
  • Chicago-IL-100-FW1.vsys1_pushed_policy.xml
  • Chicago-IL-100-FW1.vsys2_pushed_policy.xml

NOTE: If the NGFW is an unmanaged/standalone Palo Alto device it will not have a pushed_policy file. In this situation, the configuration .xml file can be downloaded directly from the firewall and loaded into NP-View.  The file name need not be changed when loading the file from a standalone firewall.
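The naming rules above, for both the Panorama pair and the NGFW files, can be checked before a manual import. The following is an added example, not NP-View code: it groups file names by device prefix and reports sets that NP-View would be unable to link. The function names and result layout are constructed for illustration, and any other .xml name is assumed to be a standalone firewall export.

```python
import re
from collections import defaultdict

# File name patterns taken from this section; the pushed_policy pattern is
# tried first because its device prefix ends before ".vsys<n>".
PATTERNS = [
    ("pushed_policy", re.compile(r"^(?P<dev>.+)\.vsys(?P<n>\d+)_pushed_policy\.xml$", re.I)),
    ("merged_config", re.compile(r"^(?P<dev>.+)_merged_config\.xml$", re.I)),
    ("running_config", re.compile(r"^(?P<dev>.+)_running_config\.xml$", re.I)),
    ("mapping_config", re.compile(r"^(?P<dev>.+)_mapping_config\.xml$", re.I)),
]


def classify(filename):
    """Return (device_prefix, kind) or (None, None) for an unrecognised name."""
    for kind, pattern in PATTERNS:
        match = pattern.match(filename)
        if match:
            return match.group("dev"), kind
    return None, None


def check_bundle(filenames):
    """Group Palo Alto export files by device and list what is missing."""
    problems, standalone = [], []
    devices = defaultdict(set)
    for name in filenames:
        if not name.lower().endswith(".xml"):
            problems.append(f"{name}: not an .xml file (text exports are not supported)")
            continue
        dev, kind = classify(name)
        if dev is None:
            standalone.append(name)  # assumed: config from an unmanaged firewall
        else:
            devices[dev].add(kind)

    for dev in sorted(devices):
        kinds = devices[dev]
        # Managed NGFW: vsys policy files are linked through the merged config.
        if "pushed_policy" in kinds and "merged_config" not in kinds:
            problems.append(f"{dev}: pushed_policy present but {dev}_merged_config.xml is missing")
        # Panorama: running_config and mapping_config are imported together.
        if ("running_config" in kinds) != ("mapping_config" in kinds):
            missing = "mapping_config" if "running_config" in kinds else "running_config"
            problems.append(f"{dev}: {dev}_{missing}.xml is missing")

    return {
        "devices": {dev: sorted(kinds) for dev, kinds in devices.items()},
        "standalone": sorted(standalone),
        "problems": problems,
    }


if __name__ == "__main__":
    # File names from the example above, plus constructed ones that break the rules.
    print(check_bundle([
        "Chicago-IL-100-FW1_merged_config.xml",
        "Chicago-IL-100-FW1.vsys1_pushed_policy.xml",
        "Chicago-IL-100-FW1.vsys2_pushed_policy.xml",
        "FW2.vsys1_pushed_policy.xml",
        "pano1_running_config.xml",
    ]))
```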

To manually export configuration files from an unmanaged firewall:

If the NGFW is managed by a Panorama, the API will be required to secure the necessary files:

Get API Key



Get PANos Firewall full configuration



Get Managed Firewall configuration

Virtual Routers (vrf) – Experimental Support

Virtual router (vrf) is a software-based routing framework in Palo Alto NGFW that allows the host machine to perform as a typical hardware router over a local area network. NP-View has added the experimental capability to detect Virtual Routers from Palo Alto devices (NGFW or Panorama) and present them in the Connector or Manual Import device selection screens. Virtual Routers will be treated the same as physical routers and will require a device license.

This feature is disabled by default and must be enabled prior to importing configurations containing virtual routers.

To enable the feature the NP-View Server admin will need to make a change to a system variable.

  • Stop the NP-View Server application.
  • In the docker-compose.yml file, change enableVirtualRouters=False to enableVirtualRouters=True in three places within the file.
  • Start the NP-View Server application.

For Desktop

  • Close the NP-View application.
  • In the file C:\Users\<username>\AppData\Roaming\NP-View\config.ini add enableVirtualRouters=True
  • Restart the NP-View application

Once enabled, the user will be presented with the option to select virtual routers from the connector in the device selection or upon manual import.

Legacy Palo Alto PanOS Support

Palo Alto PanOS versions prior to V9.1 are no longer supported. Please note that no upgrades to parsers will be made for unsupported devices.

Dell Edge Gateway

The Dell Edge Gateway runs Ubuntu Core OS. The gateway uses IP tables to configure the local firewall. NP-View uses the following 4 files extracted from the Ubuntu server to generate the topology. This device is not a firewall but more of an application running device. It does have some security features but we suspect it would be behind a real firewall. The following data is needed to import this device.

  • iptables_rules → to get a device created, containing interfaces and rules
  • hostname_interfaces → associated with config above
  • arp_table → to get external hosts (ip + mac)
  • active_connections → to get routes

This is not a simple device to get data from; the following process must be followed:

1. Capture the iptables Filter Rules

To capture the iptables filter rules (the firewall rules that are active on the system), you can use the following command:

Show Command:

sudo iptables -L -v -n

Description:

Lists the currently active iptables firewall rules (filter rules). Includes details about chains (INPUT, OUTPUT, FORWARD), protocols, sources, destinations, and ports.

Save Command:

sudo iptables-save > ~/iptables_rules.conf

This will save the firewall (filter) rules in a file called iptables_rules.conf in your home directory.

2. Capture the Network Interface List

To capture the list of network interfaces (with IPs, MAC addresses, etc.):

Show Command:

ip addr show

Description:

Displays the list of all network interfaces on the system. Includes details about interface names (eth1, eth2, etc.), IP addresses, MAC addresses, and other interface attributes.

Save Command:

ip addr show > ~/hostname_interfaces.txt

This will save the interface details in a file called hostname_interfaces.txt in your home directory.

3. Show ARP Table

Show Command:

ip neigh show

Description:

Displays the ARP table, showing which MAC addresses correspond to which IP addresses on the network.

Save Command:

ip neigh show > ~/arp_table.txt

4. View Routing Table

Command:

ip route show

Description:

Displays the current routing table, showing default gateways, specific routes, and the interfaces used to reach specific networks.

Save Command:

ip route show > ~/routing_table.txt

5. Loading files into NP-View

Once all of the files have been retrieved, they need to be loaded into NP-View together and without any other files so they are properly associated.

Legacy Check Point R80 Support

Support for Check Point R80 through R80.40 ended April of 2024. Please note that no upgrades to these parsers will be made.

Cisco FTD

NP-View supports Cisco FTD through the output of the “show running-config” command. However, it is important to note that Cisco FTD includes network filtering policies documented outside of the running configuration. This section explains where to find those policies.

As of version 6.1, Cisco FTD includes a Prefilter Policy feature that serves three main purposes:

  • Match traffic based on both inner and outer headers
  • Provide early Access Control which allows a flow to bypass Snort engine completely
  • Work as a placeholder for Access Control Entries (ACEs) that are migrated from Adaptive Security Appliance (ASA) migration tool.

The feature has 2 primary use cases:

  • For use with Tunnel Rule Types
  • For bypassing the Snort engine

These prefilter rules are part of the FTD configuration and are displayed via the “show running-config” command on the FTD. They manifest in the NP-View Access Rule table as a Permit IP with:

  • Source = any
  • Destination = any
  • Service = IP/any to any

As a result, the NP-View Rule Policy engine flags these rules as a high risk alert.

In the operation of the FTD, if a packet meets the prefilter policy, it is then evaluated by a secondary set of rules in the Snort engine or applied directly to the tunnel. The Snort rules are not part of the “show running-config” output from the FTD. These rules are established, maintained and viewed on the FMC (management server), but are not readily available via the FTD CLI interface.

In the context of an audit during which evidence around these prefilter rules is requested, we recommend documenting that these rules are a default configuration for the system and we also recommend generating a FMC PDF Policy report to explain the flows of traffic within the FTD configuration. For more information, please refer to the Cisco FTD Prefilter Policies documentation.
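To prepare that audit evidence, the permit ip any any entries can be listed from a saved “show running-config” capture together with any remark that names their policy. The following is an added example, not NP-View or Cisco code. It assumes ASA-style access-list lines with an optional trailing rule-id and remark lines of the form “remark rule-id <n>: <text>”; the sample configuration is constructed, so adapt the patterns to your own output.

```python
import re

# Assumed line shapes (ASA-style ACL syntax); adjust to match your capture.
REMARK = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+remark\s+rule-id\s+(?P<rule_id>\d+):\s*(?P<text>.*)$"
)
ACE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+(?:extended|advanced)\s+permit\s+ip\s+any\s+any\b(?P<rest>.*)$"
)
RULE_ID = re.compile(r"\brule-id\s+(\d+)")


def any_any_permits(config_text):
    """Return one record per 'permit ip any any' entry, with its remarks."""
    remarks = {}  # (acl, rule_id) -> list of remark texts seen so far
    hits = []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        match = REMARK.match(line)
        if match:
            key = (match.group("acl"), match.group("rule_id"))
            remarks.setdefault(key, []).append(match.group("text"))
            continue
        match = ACE.match(line)
        if not match:
            continue
        found = RULE_ID.search(match.group("rest"))
        rule_id = found.group(1) if found else None
        hits.append({
            "line": line_no,
            "acl": match.group("acl"),
            "rule_id": rule_id,
            "remarks": list(remarks.get((match.group("acl"), rule_id), [])),
            "text": line,
        })
    return hits


def audit_note(hit):
    """One line of evidence text per entry, for the audit file."""
    label = "; ".join(hit["remarks"]) or "no remark found"
    return (f"line {hit['line']}: {hit['acl']} permits ip any any "
            f"(rule-id {hit['rule_id']}; {label})")


# Constructed sample, not captured from a real device.
SAMPLE_CONFIG = "\n".join([
    "access-list EXAMPLE_ACL remark rule-id 9998: PREFILTER POLICY: example prefilter",
    "access-list EXAMPLE_ACL advanced permit ipinip any any rule-id 9998",
    "access-list EXAMPLE_ACL remark rule-id 268434432: ACCESS POLICY: Example-Policy - Default",
    "access-list EXAMPLE_ACL advanced permit ip any any rule-id 268434432",
    "access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443",
    "access-list OUTSIDE_IN extended permit ip 10.0.0.0 255.0.0.0 any",
])

if __name__ == "__main__":
    for hit in any_any_permits(SAMPLE_CONFIG):
        print(audit_note(hit))
```

Each listed entry should map to a high risk alert in NP-View and to a section of the FMC policy report that explains where the traffic is evaluated next.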

SonicWall

We support .exp files as the default SonicWall file format for v5.9 and v6.X of the SonicOS.

The main UI allows for export of the encoded .exp file as such:

To extract the file via the command line, the export command is:

export current-config sonicos ftp ftp://[USERNAME]:[PASSWORD]@[FTP IP/URL]/sonicwall.exp

Where the username/password/FTP IP or URL must be changed. The file “sonicwall.exp” will then be saved at the FTP location. As this file is encoded, there’s no way to echo or cat the data.

Requesting Support for New Devices

The above list of supported hardware has been lab and field tested. Newer versions generally work unless there is a major platform or API upgrade. Please contact support@network-perception.com if you wish to get more information on parsers, request support for a particular device, or are interested in co-developing a solution.

Connectors

NP-View includes a utility to automatically retrieve network device configuration files on a schedule. The connector types supported in NP-View Server are below:

Configuration Managers

For retrieving config files from network management systems. For each connector, the user can select the devices to be uploaded for monitoring.

Manufacturer | Type/Model | Configuration Information Required | Connection Type
Fortinet | FortiManager (6.4.x, 7.0.x) | Hostname or IP address plus login credentials | HTTPS + optional SSL server verification
Palo Alto | Panorama (10.x, 11.x) | Hostname or IP address plus login credentials. See device selection section below for additional information | HTTPS
SolarWinds | Network Configuration Manager (Orion Platform HF3, NCM HF1: 2020.2.6) | Hostname or IP address plus login credentials | HTTPS

Direct Device Connection

For retrieving config files directly from the network device.

Manufacturer | Type/Model | Configuration Information Required | Connection Type
Check Point | R81.x | Hostname or IP address plus login credentials. See device selection and service account sections below for additional information | HTTPS + optional SSL server verification
Cisco | Adaptive Security Appliance (ASA 9.19) | Hostname or IP address plus login credentials, enabling password and optional context | SSH
Cisco | Internetwork Operating System (IOS 15.9) | Hostname or IP address plus login credentials, enabling password and optional context | SSH
Fortinet | FortiGate (FortiOS 7.0, 7.2) | Hostname or IP address plus login credentials. Note: SCP should be enabled in the configuration (instructions) | SSH
Palo Alto | NGFW (PanOS 10.x, 11.x) | Hostname or IP address plus login credentials | HTTPS

Volume Shares

For retrieving config files that are uploaded to a common collection repository.

Platform | Connection | Configuration Information Required | Connection Type
Windows | SMB Share (Samba) | Hostname or IP address, share name, device name and root folder path | SMB/CIFS
Linux | SSH Share | Hostname or IP address and folder path. Optionally an include list and exclude list can be defined. | SSH

Additional Connector Information

Service Account

The use of service accounts is a recommended best practice when connecting to devices through connectors. The service account can be read-only and must have API privileges. When entering credentials related to an Active Directory domain, it is recommended to enter the username using the format account@domain.xyz instead of domain.xyz\account, as the backslash can cause unexpected issues.

Checkpoint

For the connector to work with CheckPoint devices, the API settings need to be enabled in the SmartConsole. See the image below for settings and commands to restart the API.

Device Selection (Palo Alto and CheckPoint)

CheckPoint and Palo Alto network management systems provide files with multiple devices. The connectors for these systems allow for the selection of individual devices to load into NP-View. The user can select the “Retrieve device list” button to be provided a selection list.

Collecting Layer 2 Data from Devices

Layer 2 data will automatically be downloaded by the connectors for Cisco ASA and Cisco IOS devices. If the data is manually collected, use the following commands and file naming conventions.

Cisco ASA
  1. show running-config → 'device_name'.'context_name'.txt
  2. show arp → 'device_name'_arp_table.'context_name'.txt
  3. show route → 'device_name'_route_table.'context_name'.txt
  4. show interface → 'device_name'.'context_name'.interface_table.txt
  5. show access-list → 'device_name'.'context_name'.access_list.txt

Cisco IOS
  1. show running-config → 'device_name'.txt
  2. show ip arp → 'device_name'_arp_table.txt
  3. show ip interface brief → 'device_name'_interface_table.txt

Once all of the files are collected, manually load the files from each device together and separately from other devices for proper file association.
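To check a manually collected set against the naming conventions above before upload, the following added example (not part of NP-View) builds the expected file names per device and context, groups the files found into per-device upload batches, and reports missing, unrecognized and ambiguous names. The inventory, file listing and function names are constructed for illustration.

```python
from collections import defaultdict

# File-name templates copied from the naming conventions listed above.
TEMPLATES = {
    "asa": {
        "show running-config": "{device}.{context}.txt",
        "show arp": "{device}_arp_table.{context}.txt",
        "show route": "{device}_route_table.{context}.txt",
        "show interface": "{device}.{context}.interface_table.txt",
        "show access-list": "{device}.{context}.access_list.txt",
    },
    "ios": {
        "show running-config": "{device}.txt",
        "show ip arp": "{device}_arp_table.txt",
        "show ip interface brief": "{device}_interface_table.txt",
    },
}

# Constructed inventory: (platform, device name, context name or None).
INVENTORY = [("asa", "FW1", "admin"), ("asa", "FW1", "ctxA"), ("ios", "SW1", None)]

# Constructed listing of a collection folder.
PRESENT_FILES = [
    "FW1.admin.txt", "FW1_arp_table.admin.txt", "FW1_route_table.admin.txt",
    "FW1.admin.interface_table.txt", "FW1.admin.access_list.txt",
    "FW1.ctxA.txt", "FW1_arp_table.ctxA.txt",
    "SW1.txt", "SW1_arp_table.txt", "SW1_interface_table.txt",
    "notes.docx",
]


def expected_files(platform, device, context=None):
    """Map each show command to the file name its output should be saved as."""
    if platform not in TEMPLATES:
        raise ValueError(f"unsupported platform: {platform!r}")
    if platform == "asa" and not context:
        # Every ASA name in the convention carries a context name.
        raise ValueError("ASA file names require a context name")
    return {cmd: tpl.format(device=device, context=context)
            for cmd, tpl in TEMPLATES[platform].items()}


def plan_batches(inventory, present_files):
    """Group files per device so each device is loaded together and separately."""
    owners = defaultdict(list)  # file name -> [(batch key, command), ...]
    for platform, device, context in inventory:
        key = device if context is None else f"{device}/{context}"
        for command, name in expected_files(platform, device, context).items():
            owners[name].append((key, command))

    present = set(present_files)
    batches, ambiguous = {}, {}
    for name, claims in owners.items():
        if len(claims) > 1:
            # Two inventory entries map to the same file name, e.g. an IOS
            # device called "FW1.admin" and ASA device "FW1" context "admin".
            ambiguous[name] = sorted(key for key, _ in claims)
        for key, command in claims:
            batch = batches.setdefault(key, {"upload": [], "missing": {}})
            if name in present:
                batch["upload"].append(name)
            else:
                batch["missing"][command] = name
    unassigned = sorted(present - set(owners))  # files no device accounts for
    return batches, unassigned, ambiguous


if __name__ == "__main__":
    batches, unassigned, ambiguous = plan_batches(INVENTORY, PRESENT_FILES)
    for key, batch in batches.items():
        print(f"{key}: upload {batch['upload']}")
        for command, name in batch["missing"].items():
            print(f"  missing: run '{command}' and save as {name}")
    print("unassigned:", unassigned)
    print("ambiguous:", ambiguous)
```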

Samba

Network Perception suggests the following when setting up the SMB connection.

  1. Create a read-only user in Active Directory or on the SMB server.
  2. Determine the available share (“Get-SMBShare” in Windows PowerShell) or create a new one.
  3. Share the SMB folder containing the Configuration files with the read-only user. For example:

Configuration:

Let's assume that:
  • the server is at \\192.168.140.14\
  • the shared folder is named 'share'
  • the files are in a subfolder of share called \test\NERC-CIP-EMS
  • a UNC would look like this: \\192.168.140.14\share\test\NERC-CIP-EMS
  • per the above, the device name was set to LAB-SMB

When configuring the SMB connector, the screen would look like this:

If access is denied during the connector test, the following settings should be verified and may need to be changed for the SMB connection to work as expected:

  1. Run PowerShell as administrator.
  2. Run the command “Get-SmbServerConfiguration”.
  3. Verify that EncryptData is set to false. If it is set to true, run the command “Set-SmbServerConfiguration -EncryptData 0”.
  4. Verify that SmbServerNameHardeningLevel is set to 0. If it is not set to 0, run the command “Set-SmbServerConfiguration -SmbServerNameHardeningLevel 0”.

Microsoft recommended default is off (0). More information about these settings can be found on the Microsoft website.

SSH and Samba for HA Groups

NP-View has the ability to handle HA Groups.

As a best practice, if using SSH or SMB shares, it is best to overwrite the entire folder with updated config files from the current active devices. It is also a best practice to name the HA devices similarly for comparison. For example:

Pittsburgh_FW1

Pittsburgh_FW2

etc.

For Samba shares, a similar method should be followed.

Refer to the Samba section for details.

If you have a system for which you need a connector or if you encounter a technical issue, please contact support@network-perception.com.

Configure Connectors (new)

This document relates to NP-View Desktop and Server version 6.0 and later.

Connectors automate the secure retrieval of configuration files from firewalls, routers, switches, and network device configuration managers. NP-View Desktop and Server can host one or more connectors that securely retrieve configuration files manually (desktop and server) or at the specified frequency (server only).

To access the connector function, use the system menu in the upper right corner of NP-View and select 'Manage connectors'.

The connector function consists of several key features.

  • Password manager to reuse and manage passwords across multiple connectors.
  • Workflow for creating groups and connectors.
  • Automated data collection and download.
  • Flexible scheduling (Server only).
  • Runtime and scheduling status (Server Only).

The connector function supports the devices listed on the connectors page.

Add Credentials

To get started, the user must first create one or more credentials. Credentials are used to access the devices and can be used for one or more devices. This provides the ability to manage multiple devices with one set of credentials. Click the 'Add New Credential' button to display the input section. Credentials are segregated by device type. Select the device type and input the required fields.

Once filled in, select the save button and the credential will be saved and displayed in the 'Credentials' box. Clicking on the credential will allow the user to edit the credential.

At this time, deleting a credential is not supported.

Create Groups

Once credentials have been created, the user can proceed to creating a Connector Group.

Select the '+' in the 'Groups' section to display the add groups function. Fill in the group name, notes and select a schedule (server only). For desktop, only the 'On Demand' function will be displayed.

Once saved, the user can click on the connector group name in the 'Groups' panel to enter edit mode or select the three dots to the right of the name for individual group options.

Select 'Pull' to run all associated connectors and 'Delete' to remove the group. Note that only an empty group can be deleted.

Scheduling Groups

Groups can retrieve data on a schedule. When setting up or editing a connector group, the user can set a schedule.

The user has multiple options for scheduling the connector: monthly, weekly, and daily with flexible day of week and time options. We recommend that connectors be run at night to provide maximum resources for processing the data. When a connector group is scheduled, the next run status will be presented in the 'Groups' panel and on the 'Processes' tab.

Add Connectors

Once a group has been created, the user can add connectors to the group. In the connectors section, select the '+' to present the add connector function.

Proceed to select the connector type and fill in the required fields.

Next fill in the optional fields.

Filling in the name of a context will only fetch the data for that one context; leaving it blank will fetch all contexts.

Select one or more workspaces to deliver the fetched data to. If left blank, the data will be retrieved for manual download.

The user can then test the connector to verify the credentials and/or save the connector.

Once saved, the user can click on the connector name in the 'Connectors' panel to invoke edit mode. Clicking on the three dots next to the connector name provides individual connector options.

Manual Data Pull

Data from individual connectors can be retrieved manually by selecting the 'pull' option from the menu above. When selecting pull, the connector status will proceed to 'in progress' and the processes tab will also display the progress status.

Once data has been pulled, the user can selectively download the most current data set from the connector panel.

Deleting Workspaces

If a connector is designated to deliver data to a workspace and a user deletes the workspace, the connector will automatically be updated to reflect the workspace deletion.

Configuring Connectors (legacy)

In version 6.0, a new connector function was introduced. For new connector users, it is recommended to use the new connector function. The connector access has been moved from the +Import function to the system menu.

Connectors automate the secure retrieval of configuration files from firewalls, routers, switches, and network device configuration managers. NP-View Server can host one or more connectors that securely retrieve configuration files at the specified frequency. By default, connectors are accessible through HTTPS on port TCP/8443 of the NP-View server and are isolated for security purposes.

The first time an administrator accesses the connectors, they are required to define a Connector group name and a secure passphrase. The Connector group name will be used to create the encrypted connector file store. Connector information is encrypted at rest and in transit using a passphrase protected PGP key. Only the connector owners know the passphrase and the passphrase is never stored. Once initiated, connectors run in the background collecting network information.  If the NP-View server is restarted, the connector owner is required to re-authenticate and restart the connectors. Connector owners can create multiple connector groups and each will require their own login. Once created, the user can select from the list of available connectors when logging in.

The connector page contains five main options.

Add New Connector

The buttons from left to right are:

  • + Add New Connector
  • bulk start all connectors (see bulk start parameters below)
  • bulk stop all connectors
  • delete the connector (user must be logged into the connector group to delete)
  • exit the connector group.

Add Connector

To add a new connector, select the “+Add New Connector” button and a list of available connectors is presented. Connector options are: Cloud Providers, Configuration Managers, Direct Devices and Volume Shares.

Upon selecting the Connector type to add, the user is requested to fill in connection information. Connector information varies by vendor.  The connector configuration for a Palo Alto device is as follows:

The user must enter a Connector name (no spaces), host name, and credentials. The user can then verify the credentials are correct with the “Test credentials” button. The user can set up the polling cycle and provide the workspaces to deliver the resultant information.

Polling Cycles are:

  • On demand
  • Daily
  • Weekly
  • Bi-Weekly
  • Monthly

Configuration Management Systems

For Configuration Management Systems and file Shares, additional information may be required. The user can retrieve a list of files from the device and filter the results. To include specific files, put them in the include list field. To exclude files, put them in the exclude list field. If both lists are used, the include list filter is applied first and the exclude list filter is then applied to the results of the include list filter. If the share is PGP encrypted, a PGP Public key will be required.

Workspaces must be added to the connector for data to be transferred and displayed in the workspace. If workspaces are added after a connector is set up, data will not be sent to the workspace until the next scheduled import and a configuration change is identified. Creating workspaces before connectors facilitates faster visualization of data.

Connector Tile

Once the connector is added, a tile is added to the connectors home page.

Connector tiles are sorted by the characters in their names using standard Linux conventions:

  1. whitespace
  2. integer
  3. special char
  4. uppercase [A-Z]
  5. underscore (possibly other special chars)
  6. lowercase [a-z]

From the tile, the user can:

  • manually activate the connector for a one time data pull
  • run / pause the connector
  • edit the connector
  • copy the connector
  • delete the connector.

The tile banner will show in three colors:

  • red – connector failed
  • blue – connector scheduled to run
  • gray – connector paused

Click the start / pause button to restart a failed or paused connector. Note that a connector may take several minutes to change the banner color.

Connector for Forescout

The Connector for Forescout 8.1 and later enables integration between CounterACT and NP-View such that network device configuration files managed by CounterACT can be automatically imported into NP-View and aggregated into specific workspaces. Currently, Cisco switches are supported through the Forescout Switch Plugin.

  • Download the Forescout Extended Module for NP-View from https://updates.forescout.com.
  • Start your Forescout Console and login into Enterprise Manager.
  • Then open “Options”, select “Modules”, and install the fpi.

To request additional support for this connector or to request support for other devices, please contact support@network-perception.com.

Connectors + Samba (SMB) Access Error

This error can be caused by two communication scenarios between Linux and Windows. Either SMB encryption is enabled on the Server or SPN target name validation level is enabled (or both). To check which of these features is causing the issue, run PowerShell on the Windows Server as administrator and run the following command:

Get-SmbServerConfiguration

If EncryptData = True, it can be disabled using:

Set-SmbServerConfiguration -EncryptData 0

If SmbServerNameHardeningLevel is set to any value other than the default of 0 run:

Set-SmbServerConfiguration -SmbServerNameHardeningLevel 0

to restore the default.

Connectors fail to initiate connection to outside devices

In some instances, the Linux distribution is preventing the connectors (Docker) from initiating connections to outside devices. The solution is to update the firewall settings on the Linux distribution using the following commands:

# firewall-cmd --zone=public --add-masquerade --permanent
# firewall-cmd --reload
# systemctl restart docker

Configuring Read-only Access to Cisco

The NP-View Connector for Cisco uses a read-only SSH connection to collect the output of the show running-config command. It is best practice to create a dedicated read-only user on your Cisco devices when configuring connectors. Here are the commands to only give the minimum permissions needed for this user:

conf t
aaa authorization command LOCAL
privilege show level 2 mode exec command running-config
privilege cmd level 2 mode exec command terminal
username $USERNAME password $PASSWORD priv 2
end

Bulk Start Parameters

To help balance the processing load of managing multiple connectors and improve user experience on the topology map, the bulk start function can be scheduled to off hours using system parameters. The docker-compose.yml file contains two parameters for the bulk system start function in the monitor: environment: section:

  • connBulkStartTime=21:00:00 # defines the start time for the connectors, format is Hours:Minutes:Seconds, 24 hour clock.
  • connBulkStartSpread=00:15:00 # defines the connector start stagger, format is Hours:Minutes:Seconds

Deleting Connectors

Connectors can be deleted by entering the connector group name and passphrase to gain access to the connector. The connector can be deleted by selecting the trash can in the upper right corner.

If the passphrase is forgotten, the connector can be forcefully deleted by the Linux Admin by removing the connector file from the folder

/var/lib/docker/volumes/NP-Live_np-connect/_data.

Reference

Release Notes

NP-View releases are divided into two groups:

  • Release Candidates introduce new features and go through the full QA process once a quarter.  The rollout of release candidates is staged to ensure product quality.
  • General Releases are release candidates that have gone through field testing and any critical issues resolved before releasing to the general population. General releases typically lag release candidates by a month or more.

Release candidates generally follow the schedule below: January, April, July and October.

General releases do not follow a fixed schedule since they are driven by field testing and support requests.

Below is the list of releases and the features / fixes in each release. Only the most current release available to a customer will be posted on the portal.  

If you have any questions, please contact us at support@network-perception.com.

The release notes are also available from within the NP-View application. Clicking the version number in the lower left hand corner of the workspace screen displays the release notes.

NP-View Desktop and Server – 2024

[6.0.1] – 2024-12-09 – General Release

Bug Fixes, Enhancements
Added the ability to manually create a layer 2 switch with MAC only connections using text files.
Resolved an issue where rule usage was not properly displaying for pfSense.
Resolved an issue where the NERC-CIP Report Topology Screenshot was Overriding Network Name with IP.
Resolved an issue where connectors can be set to upload to a no-longer existing workspace.
Resolved an issue where 'Network with No IP' name labels were absent after 'show only bridge groups' selected.
Resolved an issue with initial license verification during install.
Resolved an issue where Static NAT config on Cisco ASA was not recognized.
Resolved an issue where deleting a connector group does not remove scheduled tasks.
Resolved an issue where user selected endpoints are not traversing views for L2 hosts.
Resolved an issue where some address objects were being improperly translated for Palo Alto 10.1.
Resolved an issue where the state of display layer 2 and verified assets check box was not used when switching views.
Resolved an issue where File Download and Files Retrieved was not populated until modal is closed and re-opened.
Resolved an issue where the topology export to PDF was not reflecting layer 2 assets.
Resolved an issue where the connector Last Run filter was not operating correctly.
Resolved an issue where topology annotation call outs are not visible on topology until page is reloaded.
Resolved an issue where MAC addresses data were not displaying in the interface table.
Resolved an issue where connectors were not running in parallel.
Resolved an issue where some Layer 2 VLANs were being displayed as gateways.
Resolved an issue where adding new Aux data removes pre-existing host descriptions and devices from zones.
Removed the account preferences page from the setup wizard.
Removed the ability to create a New Group, New Connector or Clone a Connector using the legacy connector function.

[6.0.0] – 2024-10-18 – Release Candidate

Bug Fixes, Enhancements
Added a new connector feature to the Desktop and Server Editions.
- The new connector supports Cisco ASA, Cisco IOS, Fortinet FortiGate, Fortinet FortiManager, Palo Alto NGFW, Palo Alto Panorama, CheckPoint, SSH, SMB and Solarwinds NCM. All other connectors have been deprecated.
- Key improvements include:
- Password manager to reuse and manage passwords across multiple connectors.
- New user workflow for creating groups and connectors.
- Automated data collection and download.
- Flexible scheduling (Server only)
- Improved runtime and scheduling status (Server Only).
- Added the option to automatically collect Layer 2 data (ARP, MAC, Interface and Routes) from Cisco ASA and IOS devices to enrich the topology map.
Added baseline support for Layer 2 visibility for Cisco IOS and ASA devices:
- Create a view that displays Layer 2 Switches, Layer 2 Networks, and Hosts from Layer 2 data from Layer 3 devices.
- Create a view that displays Layer 2 links (blue dotted lines) to layer 2 nodes when the link is known to be L2.
- Control the map from Topology Settings to display or hide Layer 2 Nodes / Links.
- Control the map to expand or collapse Layer 2 Networks and attached hosts.
- Search function to locate, highlight, and open the info panel of a Layer 2 node.
- View VLAN information on the nodes info panel.
- View Layer 2 / VLAN data in the interface table.
Added Support for Dell PowerSwitches running OS10.
Added support for Nvidia Mellanox running Onyx OS.
Added support for topology enrichment using PCAP and PCAPNG (file size up to 200 mb).
Added the ability to personalize endpoint icons.
Added the ability to annotate topology devices and endpoints.
Improved licensing support for re-adding devices, hitting the device max limit, removing all devices from NP-View and runtime errors indicating no license present.
Improved support for multi-home devices in path analysis.
Resolved an issue where compare in the Access Rules table was flagging rules that have not changed.

[5.1.3] – 2024-9-16 – Release Candidate

Bug Fixes, Enhancements
Resolved an issue where some device interfaces could be missing from the NERC-CIP wizard.

[5.1.2] – 2024-9-4 – Release Candidate

Bug Fixes, Enhancements
Resolved an issue where NP-View timestamps were always displayed in UTC.

[5.1.1] – 2024-8-30 – Release Candidate

Bug Fixes, Enhancements
Resolved an issue where importing Palo Alto configuration files with multi-vsys resulted in all rules not being loaded.
Resolved an issue where deleting a device from Home View did not remove the device from custom views.
Resolved an issue where the Zone Matrix was not populating all subnets.
Resolved an issue where topology search on the home view was not highlighting the device.
Resolved an issue where Path Blocking results were not clearing on ESC.
Resolved an issue where special characters in file names resulted in an unsuccessful import.
Resolved an issue where views were switching after the import of auxiliary data.
Resolved an issue where Path Highlighting to Multi-Homed hosts was not displaying properly.
Resolved an issue where a file failing to parse was sending incorrect results to the import uploaded panel.
Resolved an issue where the Asset Inventory Type column drop down filter was not displaying.
Resolved an issue where two modals were created when using Hotkeys.
Resolved an issue where Importing Aux files into an NPX created Workspace breaks asset verification.
Resolved an issue where view performance degraded as more views were created.
Resolved an issue where some Aliases were being improperly cataloged for Cisco devices.
Resolved an issue where inputting the license key on a new system failed to properly register.
Resolved an issue where the workspace count was being improperly calculated and prematurely reaching the system limit.
Resolved an issue where overlapping rules were causing duplicate paths for Palo Alto devices.

[5.1.0] – 2024-7-9 – Release Candidate

Bug Fixes, Enhancements
Added support for multi-homed hosts (hosts with multiple NIC cards).
Added support for pfSense Community Edition version 2.7.2.
Added support for Cisco VRF.
Added a feature to verify inferred hosts on the topology and asset inventory report.
Added a feature to selectively hide topology data.
Added a topology setting to hide Gateways with No IP by default.
Improved the manual data import workflow for ease of use.
Improved support for importing and adding auxiliary data to views.
Improved support for Cisco ASA contexts.
Improved the startup performance of the NP-View database.
Improved the Release Notes page.
Improved the System Log page to better utilize page real estate.
Improved the Topology Export to reflect what is shown on the topology.
Improved the NERC CIP Report Topology Snapshots to reflect what is shown on the topology.
Resolved an issue where auto generated network zone that contains a name with a period (‘.’) as one of the characters cannot be deleted.
Resolved an issue where TwiceNAT rules were not being displayed.
Resolved an issue where MAC addresses were not showing in the interface table or asset inventory table when loaded from ARP files.
Resolved an issue where we were not detecting when a Cisco ACL has Both a Src and Dst binding.
Resolved an issue where translated NAT addresses were showing up as an unmapped address.
Resolved an issue where the external route file for a Cisco device is parsed but routes are not saved.
Resolved an issue where editing the node criticality was also editing the criticality for the Zone.
Resolved an issue where processing a Fortinet with an embedded switch returned erroneous rulesets.
Resolved an issue where collapsing all nodes in a zone left an empty zone on the topology (it is now hidden).
Resolved an issue with parsing an encoded SonicWall file.
Resolved an issue where some object groups were being duplicated.
Resolved an issue for the SEL where file content shown in UI has many ***** lines that are not in the config imported.
Resolved an issue where default rules have incorrect line numbers due to empty chains/ACLs on Linux.
Removed the Explicit Deny by Default section from the Best Practice Report.
Removed (temporarily) the ability to compare two configuration files from the file viewer.

[5.0.4] – 2024-6-25 – General Release

Bug Fixes, Enhancements
Resolved an issue where scheduled connectors would not run unless logged into the connector group and upon logging in, all connectors were being run (server only).
Resolved an issue where some device manufacturers were being improperly displayed in the UI.
Resolved an issue where some users were prohibited from creating access rules and object groups comments when using LDAP authentication (server only).
Resolved an issue where transferring a workspace was not properly completing resulting in missing data in the info panel (server only).

[5.0.3] – 2024-5-3 – Release Candidate

Bug Fixes, Enhancements
Resolved an issue where the workspace report failed to generate under certain conditions.

[4.3.6] – 2024-5-2 – General Release

Bug Fixes, Enhancements
Improved the performance of the Cisco device parser.
Resolved an issue where the Description Field in the Access Rules table was showing duplicate data for Cisco devices.

[5.0.2] – 2024-4-25 – Release Candidate

Bug Fixes, Enhancements
Added a topology filter to show / hide gateways that have no IP address.

[5.0.1] – 2024-4-8 – Release Candidate

Bug Fixes, Enhancements
Please read the disclosure on Incremental Data Availability Across Workspaces and Views.
Improved the presentation of Vulnerabilities and Services from the info panel.
Improved NAT Rules to Show CIDR Instead of Object Group Name for Translated Address.
Improved the display of Fortinet interfaces to include the alias property.
Improved the performance when saving topology.
Improved the table highlighting for object group popovers on the access rules table.
Improved support for warnings in the risks and warnings report.
Added a connector and data parser for Claroty CDT to import assets.
Improved support for Ruggedcom RX1500 and Ruggedcom ROX devices.
Improved support for Fortinet with focus on 7.2 devices.
Improved the performance of the Cisco device parser.
Resolved an issue where L2 switch ports were being depicted as gateways.
Resolved an issue where IP addresses assigned to each L2 switch were improperly creating hosts.
Resolved an issue where Fortinet L2 VLAN’s were not set correctly for switch ports.
Resolved an issue where the nesting in a service group was not identified for Sonicwall.
Resolved an issue where exported workspaces were not visible to the Admin role.
Resolved an issue where NAT Rules were Incorrectly Showing ‘any’ as ‘Original Address’.
Resolved an issue where the Viewer role users could change device type.
Resolved an issue where the user was unable to Set Criticality for Host to None.
Resolved an issue where the Zone Segmentation Matrix was being enabled for Single Zone (requires at least two zones).
Resolved an issue where ‘ESC to clear’ banner was still present after switching views.
Resolved an issue where Summary reports were not updated with data from updated risks report.
Resolved an issue where Object Linking was not working for all Objects w/IP on the Topology.
Resolved an issue where Palo Alto Virtual Routers were being pushed as separate devices.
Resolved an issue where the Interfaces Tables in a view was not filtering out other devices in the workspace.
Resolved an issue where global objects were not properly displaying in the access rules table.
Resolved an issue where translated NAT addresses were showing up as an unmapped address.
Resolved an issue where the outbound highlighted paths were not displayed correctly.
Resolved an issue where deleting a device from the Home view was not deleting zones properly.
Resolved an issue where cancelling an analyze process could render the workspace unusable.
Resolved an issue where the Application set to ping for Palo Alto devices was generating an unnecessary risk alert.
Resolved an issue where the NERC-CIP report would not generate until after a Topology Save.
Resolved an issue where the NERC-CIP Wizard is not auto selecting EAP when attached to multiple EACMS.
Resolved an issue where comments were not retained when importing a .npx file from a version prior to 5.0.
Resolved an issue where deleting a view may make a Workspace unusable for another user (server only).
Resolved an issue where connector won’t upload to a Workspace when the Workspace is added connector creation (server only).
Moved the device delete option to the kebab menu.
Removed ‘est time remaining’ from background tasks.

[5.0.0] – 2024-2-5 – Limited Release Candidate

Bug Fixes, Enhancements
This release contains several database architectural changes designed to improve system performance.
During installation, a database maintenance procedure will be performed which will:
> Remove topology history from the system freeing up to 60% of database and RAM.
> Remove all pre-generated table highlights.
> Remove all pre-generated risks and warnings data.
> Path Analysis has been improved to reduce RAM usage and resolve several issues with external path analysis where not all external gateways were included in the analysis. Upon next analysis run (data import into a specific view), the analysis results will include the previously omitted paths.
*** It is strongly advised to back up your NP-View database prior to upgrade as there is no going back to a previous version otherwise.
For users of the OVF, we replaced CentOS7 with Ubuntu Server due to the pending end of life for CentOS7.
Added an Interfaces report for individual devices and workspaces.
Added a Routes report for individual devices.
Added a NAT report for individual devices.
Added a Zone Connectivity Matrix to show communication between zones.
Added a connector and data parser for Claroty CDT to import assets.
Added table highlighting to the connectivity paths table to identify interactive service ports.
> This feature must be enabled in the policy manager.
Added support for Cisco VACLs and Static NAT from Route maps.
Added support for FortiSwitch Rugged devices.
Improved the visualization and performance of the connectivity matrix.
Improved the visualization and performance of the Risks and Warnings report and added linkage of rule risks to the access rules report.
> Note that the rule risk requirements have been updated and all previous risk alerts will be removed upon upgrade.
> It is recommended that the risks and warnings table be exported before upgrade if information is to be retained.
> Also, the comment function has been removed from the risks and warnings table; the recommendation is to use the linked rules table to add comments.
Improved the visualization and performance of the Asset Inventory report.
> The comment function has been removed from the asset inventory report.
Improved the performance of the table highlighting function.
Improved the performance and usability of the Manage Views function.
Improved the performance and usability of the zone creation and management functions.
Improved the performance and usability of the Topology Map, including loading time, expand / collapse, and stepping stone workflow.
Improved the performance and memory requirements of the external path analysis. See the KB for details of the analysis changes.
> For some customers this manifested itself as a process stuck at 93% which never finishes.
Improved support for Fortinet devices including tunnels.
Improved the performance of the save topology function.
Updated the workspace report to match the new interface, NAT, and Routes reports.
Resolved an issue with Fortinet where ISDB services used in rules were incorrectly formatted.
Resolved an issue where the Best Practice Report, Section 1.4, showed unmapped hosts.
Resolved an issue where disabling a table highlighting requirement or policy did not work.
Resolved an issue where the analysis would incorrectly discard legitimate peers from tunnel endpoints.
Resolved an issue where the analysis failed to translate fully qualified domain names nested groups.
Resolved several parsing issues with Fortinet devices.
Resolved an issue where importing host Aux Data did not import IP Addresses.
Resolved an issue where the desktop software would time out after 30 days and require reauthentication.
Resolved an issue where the desktop “Printer / PDF” function did not provide an option to Print.
Restored the workspace rename function.
Removed the comment feature from the risks and warnings and asset inventory reports.
Removed the comment count blue bubble from the topology and settings menu.
Removed the reset function for table highlighting as it is no longer needed.
Removed the SRC Criticality and DST Criticality columns from the Access Rules table due to loading performance issues.

NP-View Desktop and Server – 2023

[4.3.5] – 2023-12-20 – General Release

Bug Fixes, Enhancements
Resolved an issue where scheduled connectors would not run unless logged into the connector group and, upon logging in, all connectors were being run (server only).
Resolved an issue where some device manufacturers were being improperly displayed in the UI.
Resolved an issue where some users were prohibited from creating access rules and object groups comments when using LDAP authentication (server only).
Resolved an issue where transferring a workspace was not properly completing resulting in missing data in the info panel (server only).

[4.3.4] – 2023-11-27 – Release Candidate

Bug Fixes, Enhancements
Improved support for virtual routers associated with a virtual firewall in Palo Alto devices. Note that the improved support identifies additional interfaces which will add extra computational time to path analysis.
Improved support for Routes, Static/Dynamic NAT, Route Maps and VACLs in Cisco devices.
Improved support for tunnels in Fortinet devices.
Improved support for IPSec tunnels in both star and meshed communities in CheckPoint devices.
Resolved an issue where some ports were missing in Fortinet FTD devices.
Resolved an issue where Rule & Object IDs are being duplicated causing reporting conflicts.
Resolved an issue where FortiSwitch devices were not properly parsed.
Resolved an issue where legitimate peers from tunnel endpoints were incorrectly discarded.
Resolved an issue where importing Host Aux Data did not display IP Address for an unmapped host.
Resolved an issue where the Notification manager displayed improperly requiring a refresh to clear.
Resolved an issue where connectivity paths in excess of 100,000 rows caused a view not to load.
Resolved an issue where the system log was not using a consistent time zone for tagging events.
Resolved an issue where repetitively exporting / importing a workspace caused the file to exponentially grow in size.

[4.3.3] – 2023-9-11 – General Release

Bug Fixes, Enhancements
Added the capability to analyze rule usage from Palo Alto Next Generation Firewalls using the updated connector and Access Rules Table. See the Knowledgebase for details.
Resolved an issue where naming was not enforced for connectors. The connector naming is now consistent with the naming of Workspaces and Custom Views (3-24 alphanumeric, hyphen, or underscore characters). If the user edits any existing connectors with an invalid length or characters, they will need to adhere to the updated naming convention before saving.

[4.3.2] – 2023-8-28 – Release Candidate

Bug Fixes, Enhancements
Improved support for virtual firewalls and virtual routers in Palo Alto devices with additional support for device selection in connectors and manual import.
Improved the Cisco parser to include serial port information.
Improved device type identification for Switches and Routers.
Improved multiple parsers for preserving interface names and port ID.
Improved tunnel type identification for Fortinet devices.
Improved the coverage of address pool peering to better present tunnel peers.
Improved support for Fortinet VDOMS which have the same name on different devices.
Improved the labeling on topology hosts and network nodes to display names by default and IP addresses on hover.
Improved the real-estate usage of the workspaces page to allow for more horizontal widgets.
Improved support for multi-vsys on Palo Alto devices.
Improved the performance of the analysis engine for large config files. Depending on file size and vendor we have seen up to a 30% reduction in processing time.
Resolved an issue where the version sorting on the Compare Path history function was not in descending order.
Resolved an issue where the topology may not refresh with new devices after a connector pull.
Resolved an issue where URI reserved characters were showing as percent encoded in asset inventory.
Resolved an issue where the contents of search boxes were not saved in access rules.
Resolved an issue where alphanumeric naming was not enforced for connectors. This previously allowed users to name connectors with unapproved characters. If the user edits these connectors, they will need to adhere to the updated naming convention to save.
Resolved an issue with the Connectivity Matrix not refreshing after new configs were imported.
Resolved an issue where the System Log pause or download feature did not work properly.
Resolved an issue with License and Terms where setting a device as Invisible did not work as intended.
Resolved an issue for Fortinet devices where additional paths were shown for rules with destination zones.
Resolved an issue for Fortinet devices where source and destination bindings were sometimes incorrect in the Access Rules Table.
Resolved an issue with Fortinet parsing ports.
Resolved an issue where running “Stepping Stone Analysis” from the NERC-CIP wizard broke path highlighting.
Resolved an issue where Step 4 of the NERC-CIP wizard would intermittently not load the path information.
Resolved an issue where Highlight Paths mode did not show “ESC to Clear” when paths were selected.
Resolved an issue where renaming a Workspace required a browser refresh.
Resolved an issue in the Workspace Report where the Access Rules table for Palo Alto devices was not sorting correctly.
Resolved an issue with the desktop edition where the list of exported workspaces did not persist.
Resolved an issue with the SonicWall parser which was erroring when setting binding groups.
Known issue: saving a topology with a large number of tags & criticalities can be slow.
Known issue: loading or deleting workspaces when the system contains a large number of conditionally formatted access rules can be slow.
Known issue: loading a Panorama file with multiple firewalls, vsys and virtual routers can be slow to present the device selection list.
Known issue: loading the devices from a CheckPoint R80/R81 connector for device selection can be slow due to CheckPoint API issues.

[4.3.1] – 2023-7-21 – Limited Release Candidate

Bug Fixes, Enhancements
Resolved an issue where NP-View Desktop would not start properly on Windows Server 2016.

[4.3.0] – 2023-7-17 – Limited Release Candidate

Bug Fixes, Enhancements
Added a CIS Benchmark Policy for Juniper.
Added support for rules with action trust bypassing other rules for Cisco Firepower.
Added experimental parser support for FS Switches.
Added alphabetical sorting to the connectors page.
Improved the performance of the device information panels.
Improved the performance of the Connectivity Paths Table and linked the Path Table to the Access Rules Table for visibility. Note that comments are no longer available for the Connectivity Paths table.
Improved the performance of the backend system manager and webserver.
Improved the Cisco parsing grammar to support service-object referencing IANA ports by name.
Improved the ability for the Cisco parser to identify device types.
Improved the loading animation to show status updates.
Improved the ability for parsers to detect misformatted XML files and log errors.
Updated the Service Risk Policies and Highlighting to exclude Ping.
Upgraded the NERC-CIP ERT export to v7 and the Asset Column Dropdown options in ERT > BES Table.
Resolved an issue to preserve the sequence order from the XML data for Panorama.
Resolved an issue where the criticality of hosts was not being updated in the Access Rules Table.
Resolved an issue where MAC addresses were not displaying.
Resolved an issue where internally generated NPV_ interfaces were showing in the UI.
Resolved an issue where some path highlights were missing.
Resolved an issue where Interface names in the NERC CIP Wizard did not match names in the Access Rules modal.
Resolved an issue where the Access Rule config line numbers were incorrect (desktop only).
Resolved an issue where the Object Groups comparison bean count didn’t match the rows in the table.
Resolved an issue where all devices from the same device group in the Panorama connector retrieve device list were not showing.
Resolved an issue where the asset call on home view returned a list of interfaces instead of assets.
Resolved an issue where historical comments for removed Access rules Object groups were not displaying in compare mode.
Removed the pin/unpin, arrange in circle and expand/collapse icons from the topology map (they are available by clicking on a node and using the kebab menu on the info panel).

[4.2.2] – 2023-5-22 – General Release

Bug Fixes, Enhancements
Resolved an issue where retrieve device list for the Checkpoint connector was not working.
Resolved an issue where the Risks and Warnings list in the Best Practice report did not match the Risks and Warnings Modal.
Resolved an issue where the Hostnames Node Count in Section 1.4 of the Best Practice Report was incorrect.
Resolved an issue with the NERC-CIP Excel Export where the Critical Assets Tab was displaying errors.
Resolved an issue where opening the Rules/Groups modals before the map loads causes an infinite re-render.
Resolved an issue where the Viewer Role could hide, add and delete comments in change tracking, add standard comments to access rules and object groups, and click the ‘create new view’ button in Manage Views.
Resolved an issue where the Name of New View field becomes unselectable (Windows Desktop).
Resolved an issue where Workspace Report MD5 Checksums did not match the files.
Resolved an issue where some NAT Rules are missing translation in the Workspace Report.
Resolved an issue where the CheckPoint R80/R81 Connector was unable to fetch configs (Server).
Resolved an issue where selecting Generate NERC CIP Report from Summary Reports did not include Topology Screenshots.
Resolved an issue where the exported Topology Map PDF was Missing Zone Names.
Resolved an issue where the Access Rules and Object groups modals did not refresh after switching to Comparison mode.
Resolved an issue where the NERC CIP Report page becomes unresponsive and crashes the application for large views.
Resolved an issue where renaming a custom view breaks linkage to assigned zones.
Resolved an issue where Clear All Filters and Reset All Settings did not reapply the default sort order.
Resolved an issue where the number of paths in the workspace and Workspace Report did not match.
Resolved an issue with the incorrect number of in access rules for Fortinet devices.
Resolved an issue with the incorrect display of rule services for Fortinet devices.
Resolved an issue where the Access rules table was missing policies for SonicWall devices.
Improved the Cisco parser to extract radio port attributes from statement “interface dot11Radio X”.
Improved the Cisco parser to create zones from security level interfaces.
Improved the Cisco parser to create port-channel and sub-interfaces with type virtual.
Improved the Cisco parser to preserve interface names and port IDs.
Improved the Cisco parser to display a default gateway off of a BVI interface on the topology map.
Improved the Cisco parser to parse SNMP server hosts.
Improved the rendering of the Access Rules and Object Groups modal reports.
Added a table for Rules without Descriptions to the Best Practice report.
Added the ability to show NAT Rule translation “any” in workspace report.
Added a parser for the XML output of the SEL-3620.
Removed conditional highlighting from Access Rules Service column for ICMP any to any.

[4.2.1] – 2023-5-1 – Release Candidate

Bug Fixes, Enhancements
Resolved an issue where importing a .NPX file or access rules table with comments resulted in improper loading of the data into NP-View.
Resolved an issue where the Workspace report was not filtering the risks and warnings for the open workspace and the count of interfaces did not include hidden management networks.
Resolved an issue where the NERC-CIP report would not generate when a large quantity of access rules were present in the workspace.

[4.2.0] – 2023-4-10 – Limited Release Candidate

Released Generation 2 of Connectivity Path Analysis, which includes:
  • Added external analysis to include devices previously contained in ‘unmapped’ into the analysis.
  • Improved order of operation for Cisco devices, particularly in ingress processing and egress filtering steps.
  • Improved handling of NAT rules, particularly the bi-directional NAT rules and twice NAT rules.
  • Added logic to transform destination range 0.0.0.0-0.0.0.0 to a wildcard for Cisco. This improvement can cause an increase in the number of paths for Cisco configs that use the 0.0.0.0-0.0.0.0 constructs, usually seen in wildcard permissions for web services.
  • Improvements in handling routes including:
      • Allow allocation of destination space to routes leading back to ingress.
      • Validation that all used routes are listed in the paths output and are unique.
      • Ensuring that route names are unique across devices.
      • Allow ranges to pass through the default route through rerouting.
      • Improvements to the inclusion of routes through the default interface.
  • Improvements in paths through gateways:
      • Whether the search is launched by choosing a peer or a gateway, any paths that result will have the first device in the path be the gateway and have the peer’s ID be listed as the ‘include’ on the Path EndPoint describing the start.
      • Limit networks launched from the gateway as a source to be dominating peers. The peer can only get back to the device (firewall) that directs routes to it.
  • Improved recognition and handling of border gateways.
  • Improved computations of VPN and tunnel paths for Cisco firewalls.
  • Improved computation of independent paths.
  • Improved the treatment of parent and child networks.
Bug Fixes, Enhancements
As of this release, the Essential Desktop and Enterprise Server editions are no longer being offered. NP-View is offered in a desktop edition for Windows and a Server edition for Linux.
Improved NERC-CIP wizard workflow to include any:any interfaces when using external analysis.
Improved NERC-CIP report topology snapshots to include in-scope hosts.
Improved the Palo Alto and Cisco parsers to resolve specific customer issues.
Added analysis description to View Names to indicate type (standard or external) in manage views and view selector.
Added NAT table in Workspace Report.
Resolved an error for RuggedCom RX1500 performing analysis to target node.
Resolved an issue where the Rule Policy destination service ‘any’ rule triggered a risk for the any to case. The update now restricts the risk to ‘any to any’ cases.
Removed the traces function from device info panel.
Removed the single device Drilldown option from home view right click menu (use view manager).
Removed the Connectivity matrix from Info panel on Home view (still available from within custom views).
Removed the device rename option from the device info panel.
Resolved an issue where the SSH connector returns success even with a bad password when testing the connector (Server Only).
Resolved an issue where the SSH connector returns success even with a bad password (Server Only).
Resolved several access related issues to the viewer role (Server only).

[4.1.1] – 2023-3-3 – General Release

Bug Fixes, Enhancements Essential Desktop Professional Desktop Professional Server Enterprise Server
Resolved an issue where standard comments were missing from the Workspace Report. X X X X
Resolved an issue where renaming a Drilldown view caused the view to not load. X X X X
Resolved an issue where the criticality of Hosts was not being updated in the Access Rules Table. X X X X
Resolved an issue where Views could be created with zero devices selected. X X X X
Resolved an issue where the access rules and object groups compare function were not filtered to the active device. X X X X
Resolved an issue where disabling a standard policy was not disabling the policy. X X X X
Resolved an issue where Palo Alto host IPs were not properly linking from the Access Rules and Object Groups table. X X X X
Resolved an issue where the Export Map function was not displaying zones. X X X X
Improved loading performance of the main menu. X X X X
Resolved an issue where Palo Alto 850 VLAN interface IP Addresses are not detected. X X X X
Resolved an issue for Checkpoint R80 with Parse bond interfaces/link aggregation. X X X X
Improved support for Fortilink protocol to depict layer2. X X X X
Resolved several issues where SonicWALL configurations were not loading. X X X X
Resolved an issue where Compare Path History was erroring when loading the difference table. X X X
Resolved an issue where updating a connector triggers the connector to run. X X
Resolved an issue where Connector Groups would not load after upgrading to 4.1.0 X X
Resolved an issue where running an on demand connector ran all active connectors X X

[4.1.0] – 2023-2-10 – Release Candidate

Bug Fixes, Enhancements Essential Desktop Professional Desktop Professional Server Enterprise Server
Replaced the Access Rules and Object groups table reports with a new technology that provides for faster rendering and support for larger workspaces and configuration files. The new report contains upgrades for the following: comparison, comments with inline editing and history, conditional formatting, import/export, topology linking to devices. The Access rules table now supports Object group visibility and duplicated rules. X X X X
Replaced the ‘Manage Zones’ function with a new technology to improve performance. X X X X
Improved support for Fortinet devices including support for internet services in policies, hardware switches, virtual-switch blocks and the “Forti link” protocol, to depict layer 2. X X X X
Resolved issues with Cisco devices where NP-View was not identifying split tunnels and corresponding ACL and was throwing an error when parsing ipv6 object “subnet ::/0”. X X X X
Resolved an issue where Sophos v19 was not properly categorized. X X X X
Resolved several issues with the sanitizer not supporting devices properly. X X X X
Increased the default number of devices within a custom view to 25. X X X
Replaced the SMB connector with a new technology that improves connector reliability and folder recursion. X X
Removed the polling limiters from the notification manager. X
Resolved several issues when supporting HA pairs (Connector and Risks and Warnings). X

[4.0.11] – 2023-1-27 – General Release

Bug Fixes, Enhancements Essential Desktop Professional Desktop Professional Server Enterprise Server
Resolved an issue preventing the Windows Desktop Edition from starting after installation. X X
Added function to manually save the topology map for admin and workspace admin user groups X X X X
Improved the parser logic and support for Fortinet devices; ISDB services in rules, objects of type ‘interface-subnet’, address group Wi-Fi address with no static IP address and Mismatched VDOM in rule/service association X X X X
Added support for dynamic filters found inside address objects for Panorama devices X X X X
Improved support for Palo Alto 850 X X X X
Resolved issues where the comments don’t persist for Object Groups or Risks & Warnings reports and the comment timestamp becomes “N/A” after closing report. X X X
Implemented logic to provide additional granularity for session timeout and changed the default to half an hour if session length is set to 0. X X
Improved Panorama connector logic and support for Fortinet FortiManager devices X X
Enhanced the Source, Destination and Service columns in the Access Rules table to display and export Object Group details X
Added support for the licensing of active / passive HA groups for firewalls X
Improved the comparison function for Access Rules and Object Groups X

NP-View Desktop and Server – 2022

[4.0.10] – 2022-12-30 – General Release (Enterprise)

Bug Fixes, Enhancements Essential Desktop Professional Desktop Professional Server Enterprise Server
Added function to manually save the topology map for admin and workspace admin user groups X
Improved the parser logic and support for Fortinet devices; ISDB services in rules and objects of type ‘interface-subnet’ X
Added support for dynamic filters found inside address objects for Panorama devices X
Implemented logic to handle floating point values for session length and default to half an hour if the session has been set to 0. X
Fixed connector logic and support for Fortinet FortiManager devices X
Enhanced the Source, Destination and Service columns in the Access Rules table to display and export Object Group details X
Added support for the licensing of active / passive HA groups for firewalls X

[4.0.9] – 2022-12-15 – General Release (Enterprise)

Bug Fixes, Enhancements Essential Desktop Professional Desktop Professional Server Enterprise Server
Added upgraded modal reports for Access Rules and Object Groups with improved display performance. Also includes custom meta data field capability with history and export / import and data synchronization capabilities. X
Added the capability to create custom risks and warnings within policy manager. X
Added the capability to create custom conditional formatting within policy manager for modal reports. X
Improved the NERC-CIP report with better support for Palo-Alto devices and improved Access Rules modal report. X

[4.0.8] – 2022-12-05 – Release Candidate

Bug Fixes, Enhancements Essential Desktop Professional Desktop Professional Server Enterprise Server
Enhanced Path Analysis table function; clicking on device name opens Access Rule modal, pre-filtered to display only the line corresponding to the IP/line/device X X X X
Improved the performance of the topology save function X X X X
Added conditional formatting to applicable sections of the NERC-CIP summary report X X X X
Added Path Block Analysis: take two hosts/ two networks/ or one host and one network and troubleshoot if the connection between is blocked, and if so why X X
Added new default requirements to perform conditional text and cell formatting; Action – Permit/Deny, Source – Any, Destination – Any, Service – Any, Risk – None, Risk Criticality – NA, Enabled – True/False X X
Improved Policy Manager functions; when creating requirements, all logic rows will follow the operator of the first row (AND/OR). Invalid operator selections will be disabled in all rows but the first row. X X
Improved Panorama connector’s logic for device state selection in configuration manager; active / all. All includes both active/passive routing devices X X
Updated system logging with additional information when modifying custom fields in Access Rules or Object Groups X

Known defects that may exist + Plan for resolution

  • When upgrading from previous versions (specifically v3.2.2 or v3.2.5) to v4.0.6, comment data within the Asset Inventory report from these previous versions will not be preserved nor visible in this latest version.
  • Note: Please be aware that there are currently no plans to provide backwards compatibility for these specific versions.
  • For additional information, or further questions, please reach out to support@network-perception.com

[4.0.7] – 2022-11-07 – Release Candidate

Bug Fixes, Enhancements Essential Desktop Professional Desktop Professional Server Enterprise Server
Fixed an issue where the Object Group table displayed internal names instead of protocols and ports for the Value column X X X X
Fixed a parsing exception and improved parsing support for HP devices X X X X
Added ability to copy standard fields for Access Rules and Object Groups X X X X
Added an “Alias” column to the interface table for Palo Alto devices X X X X
Added “Checked for Updates” to System Menu X X X X
Improved the View Manager menu to allow users to select all devices when creating a view X X X X
Improvements to the creation and navigation of Topology views X X X X
Improved support for Cisco Remote Access Tunnels X X X X
Added function to include topology snapshots to the NERC CIP report X X X X
Improved the connector logic and support for Checkpoint devices X X
Improved connector usability by combining the ‘Test Credentials’ and ‘Test Connector’ buttons during set up of new connector X X
Fixed issues that resulted in connector errors when a user clicked either the test connector or retrieve device list buttons during new set up or editing of connector X X
Enhanced Policy Manager functions; at-a-glance view of a policy enabled/disable state and text/styling changes on Risks & Warnings and Table Highlighting tab X X
Improved the connector logic and support for Panorama devices X X
Enhanced Policy Manager functions; custom requirement editing and cloning X

Known defects that may exist + Plan for resolution

  • When upgrading from previous versions (specifically v3.2.2 or v3.2.5) to v4.0.6, comment data within the Asset Inventory report from these previous versions will not be preserved nor visible in this latest version.
  • Note: Please be aware that there are currently no plans to provide backwards compatibility for these specific versions.
  • For additional information, or further questions, please reach out to support@network-perception.com

[4.0.6] – 2022-10-06 – Release Candidate

Bug Fixes, Enhancements Essential Desktop Professional Desktop Professional Server Enterprise Server
Resolved miscellaneous issues in NERC-CIP report generation and export X X X X
Enhanced background task functions; clicking on active task spinner opens background task modal, clear/cancel individual tasks and vertical scroll functionality X X X X
Improved the stylings of the View Manager; added the search bar for devices, hovering over the saved custom view displays the device names included in the custom view. Added view/device counts X X X X
Implemented logic to set secure cookies never to expire for desktop edition. Set cookie expiration per customer (default = 30 days) for server edition X X X X
Optimized policy performance by running policies only when necessary. Default policies in serial instead of parallel X X X X
Improved disk recovery when there is less than 200 MB of disk available X X X X
Added “Internal” column to the Object Groups modal and resolved “Internal” Object Group filtering X X X X
Improved support for Juniper devices such as rules and groups with wildcard IP addresses, routes via multiple gateways, multiple mapped IPs in NAT rules and updated parsing of source NAT to read destination address translation and updated Juniper predefined services list X X X X
Added Strict-Transport-Security to default HTTP response headers to Web servers X X
Improved Panorama connector’s logic for device selection in configuration manager X X
Added “Manage Connectors” to System Menu X X
Added an optional “From Address” field in the Configure Service tab in Notification manager to override the SMTP server’s rejection when an invalid email address is provided X X
Added a new SMB connector under Volume Share in NP-Connect; SMB Date Folder Strategy X
Added the synchronization of metadata ‘custom fields’ across same object groups for users and workspaces X
Introduced Policy Manager functions; Enterprise users can now create custom policies and requirements. Numerical comparison operators can now be used in custom requirement logic to find, for example, devices > zero X
Enhanced Policy Manager functions; selecting a policy loads the content immediately, changed order of logic for new requirement and text/styling changes on Table Highlighting tab X
Enhanced the Access Rules and Object Groups with the addition of custom fields for user generated content X

Known defects that may exist + Plan for resolution

  • When upgrading from previous versions (specifically v3.2.2 or v3.2.5) to v4.0.6, comment data within the Asset Inventory report from these previous versions will not be preserved nor visible in this latest version.
  • Note: Please be aware that there are currently no plans to provide backwards compatibility for these specific versions.
  • For additional information, or further questions, please reach out to support@network-perception.com

[4.0.5] – 2022-08-25 – Release Candidate

Bug Fixes, Enhancements Essential Desktop Professional Desktop Professional Server Enterprise Server
Resolved an issue where the line numbers displayed in Access Rules tables did not match the configuration file imported X X X X
Improved the path analysis, including NAT and egress functions for Cisco routing devices X X X X
Improved the parsing of route-based IPsec vpn tunnels X X X X
Resolved an issue where interfaces relying on variables defined in template stacks were not properly parsed X X X X
Resolved an issue where the risk and risk category columns in the access rules table displayed null values X X X X

Known defects that may exist + Plan for resolution

  • When upgrading from previous versions (specifically v3.2.2 or v3.2.5) to v4.0.4, comment data within the Asset Inventory report from these previous versions will not be preserved nor visible in this latest version.
  • Note: Please be aware that there are currently no plans to provide backwards compatibility for these specific versions.
  • For additional information, or further questions, please reach out to support@network-perception.com
  • When updating to 4.0.5, any connectors set to “on demand” will need to be changed to a specific polling time. Once the polling time is changed to one day (recommend choosing one day or longer) and the connector is saved (update connector button), users can pause the connector and use the on demand button as usual.
  • Plan for resolution: This is planned to be resolved with the release of NP-View v4.0.6.

[4.0.4] – 2022-08-03 – Release Candidate

Bug Fixes, Enhancements Essential Desktop Professional Desktop Professional Server Enterprise Server
Improved both the parser logic and support for Cisco, Juniper, and Panorama devices X X X X
Enhanced the arrange button functionality to realign and display devices in a more user friendly visualization X X X X
Updated background task logic to calculate and display a more accurate reflection of the percent complete for a task that is processing X X X X
Enhanced smart search functionality to highlight unmapped nodes after a search for them is executed X X X X
Improved the import process to resolve the anomaly related to auxiliary data not saving when included in custom views X X X
Enhanced the import process to resolve the anomaly related to device interfaces being inappropriately excluded X X
Resolved an issue where users could not view Access Rules data within the info panel when installing NP-Live with Radius authentication X X
Improved the connector logic and support for Checkpoint R80 devices X X
Resolved an issue where no path details were displayed when reviewing inbound connectivity through a zone X

Known defects that may exist + Plan for resolution

  • When upgrading from previous versions (specifically v3.2.2 or v3.2.5) to v4.0.4, comment data within the Asset Inventory report from these previous versions will not be preserved nor visible in this latest version.
  • Note: Please be aware that there are currently no plans to provide backwards compatibility for these specific versions.
  • For additional information, or further questions, please reach out to support@network-perception.com
  • After importing data for Cisco or FortiGate devices (v6 and v7), the associated Risks & Warnings that generate afterwards are intermittently pointing users who further review them to non-corresponding locations in the provided config files. Also, for Cisco devices specifically, the associated Risks that generate afterwards are displaying duplicate data.
  • Plan for resolution: This is planned to be resolved with the release of NP-View v4.0.5.
  • After running table highlighting policies, fields that do not display data under the Risk and/or Risk criticality columns within the Access Rules report are being highlighted erroneously.
  • Plan for resolution: This is planned to be resolved with the release of NP-View v4.1.0.

[4.0.3] – 2022-07-05 – Release Candidate

Bug Fixes, Enhancements Essential Desktop Professional Desktop Professional Server Enterprise Server
Updated NP-View Essential Desktop to include correct compliance module based on license key X
Fixed an issue where the compliance framework did not appear when creating a new workspace after NP-View Desktop was restarted X
Enhanced false positive risks/warnings displayed for Palo Alto Intrazone Routing X X X X
Fixed an issue where the Workspace Report displayed internal names instead of interface names for the binding/source/destination and service columns in the Access Rules section X X X X
Fixed an issue where the size of the devices was difficult to view on the topology map due to an auto zoom out in existing workspaces X X X X
Fixed an issue where importing Palo Alto configuration files was displaying duplicate devices X X X X
Improved parser and categorizer support for Panorama interfaces X X X X
Fixed an issue where the topology map was not centered when exporting the topology map to Visio or pdf X X X X
Fixed an issue where the incorrect nodes were displayed for device interfaces X X X X
Fixed an issue where the radial buttons to unpin/pin, collapse, and arrange peers did not appear after clicking on a specific node X X X X
Added Best Practice Report to the Summary Report function within the NERC-CIP and PCI Workspaces when the Best Practice Module is licensed X X X X
Enhanced view menu panel functionality so that it no longer auto closes after saving an edited custom view X X X X
Enforced naming parameters when creating/renaming custom views, workspaces, and zones X X X X
Fixed an issue where zone criticality colors were misapplied to Auto Generated Zones X X X X
Fixed the Panorama configuration file notification messaging that previously indicated to users 0 devices were imported to now indicate and display the successfully imported devices X X X X
Improved Panorama configuration file parsing to optimize the display of the correct device names X X X X
Fixed an issue where unconfigured vsyses Panorama firewalls were not being filtered out and displaying as additional devices on topology map X X X X
Removed hostname column from Asset Inventory X X X X
Fixed an issue where the display of the count of the number of dependents under a given network within the info panel was incorrect. X X X X
Fixed an intermittent issue where importing configuration files over 20 MB caused the application to lag and not execute import processes X X X X
Added SMB-Legacy and SSH connectors X
Fixed an issue where connectors were not functioning as expected after resolving all previously identified errors X X
Added the Field Names (listed below) to the SSH Connector Type. These include: Path on Remote Host, Authentication, File name include filter, File name exclude filter and File Description Key X X
Increased the width of the display bubble that shows Checkpoint and FortiManager connector types so that text no longer extends past the end of the bubble X X
Resolved an issue where on demand connectors were rerunning upon server restart X X
Enhanced connector related authentication X X
Fixed an issue that was resulting in connector errors when a user clicked either the test connector, test credentials, or retrieve device list buttons during set up X
Resolved an issue where a false positive warning message displayed within the new connector setup window and indicated that no device list was retrieved upon creating a Panorama connector X
Improved messaging that indicates successful connection when adding a new connector and testing connector credentials X
Fixed an issue so that clicking “Generate NERC CIP Report” in NP-View Server now displays the report in the same tab instead of a new one X
Fixed an issue where the ability to add comments to devices with no comments was previously disabled when comparing data in Access Rules X
Fixed an issue where not all Default Policies and Table Highlighting dropdown options were appearing within Policy Manager X
Fixed an issue where the topology map did not update when adding a new connector within a new workspace X
Fixed an issue where clicking the escape button did not close the Policy Management screen X

[4.0.2] – 2022-06-07 – Release Candidate

Bug Fixes, Enhancements Essential Desktop Professional Desktop Professional Server Enterprise Server
Increased the view limit from 1 to 15 to NP-View Essential X
Resolved an issue where the Export function was missing on the Essential/Professional desktop edition in 4.0.0 X X
Rebranded the naming of the diagnostic download files from NP-Live to NP-View X X X X
Resolved miscellaneous issues in the NERC-CIP Wizard X X X X
Improved the usability of the workspace page; disable Add Workspace button when limit has been reached and provide error message when limit has been reached X X X X
Added title to ALL table components in the NERC-CIP Reports when exporting to Excel X X X X
Resolved an issue where the NERC-CIP Wizard displayed mismatching data X X X X
Resolved an issue where Auto Generate Zones did not work X X X X
Updated the Category color for “CIP: Protected Cyber Asset” from red to orange X X X X
Resolved an issue where multiple interfaces had the same IP Address when running the NERC CIP Wizard X X X X
Resolved an issue where updating a license did not apply the new license data X X X X
Resolved issues with the SolarWinds Connector Device List X X
Resolved an issue with the Splash Page on NP-View Desktop 4.0.0 missing logo X X
Removed the Compared Results column from Access rules table due to new comparison function X X X X
Resolved an issue where customized fields were missing after importing an NP-View Java project into NP-View X X X
Improved the usability of the NERC-CIP Report; fixed blank web pages and console errors X X X X
Resolved an issue where the Sidebar was stuck in loading after a new local install on a new workspace X X
Resolved an issue where user could not create a custom view from selection (right click) X X X
Resolved an issue where added labels were stacking on top of each other during the NERC-CIP wizard process X X X X
Resolved an issue where the Enterprise license could not create additional views X

[4.0.1] – 2022-5-25 – General Release

Bug Fixes, Enhancements Essential Desktop Professional Desktop Professional Server Enterprise Server
Resolved an issue where the NERC-CIP report had an issue loading the EACMS section. X X X X
Resolved an issue where the NERC-CIP Wizard displayed mismatching data. X X X X
Resolved an issue with the license downgrade function on Windows desktop. X X
Resolved an issue where the Viewer role could change category tagging. X X

[4.0.0] – 2022-5-19 – Release Candidate

Bug Fixes, Enhancements Essential Desktop Professional Desktop Professional Server Enterprise Server
Added MAC categorization support X X X X
Added parser and categorizer support for transparent Cisco interfaces X X X X
Added parsing support for Transparent Firewall format of Cisco MAC Table X X X X
Added support for “fortilink” protocol to depict layer 2 X X X X
Added the ability to rename views X X X X
Added the ability to rename workspaces X X X X
Improved the “Created by and Updated by” fields in the Asset Inventory table to reflect the source file names. X X X X
Improved the selection of devices on the topology to add Ctrl for single device selection X X X X
Improved the usability of the Access Rules and Object Groups reports X X X X
Improved the Workspace and Best Practice Summary Reports to reflect the current view X X X X
Redesigned the NERC-CIP report and wizard X X X X
Resolved a ‘bool’ object has no attribute ‘keys’ attribute error for Juniper X X X X
Resolved a Regex issue with Risks and Warnings default policy X X X X
Resolved an issue for Palo Alto SERVICE group translation X X X X
Resolved an issue where .NPV files failed to load X X X X
Resolved an issue where Cisco routing tables were not matching routes X X X X
Resolved an issue where conditional formatting was not being run after import of .NPV file. X X X X
Resolved an issue where disconnected topology assets would be repositioned on data update X X X X
Resolved an issue where rerunning conditional formatting was not updating the modal reports X X X X
Resolved an issue where rulesets have ambiguous association of BINDING groups to INTERFACE for PanOS X X X X
Resolved an issue where the Risks And Warning were not showing on the Best Practice report X X X X
Resolved an issue where the system allocated another license if the device name is changed. X X X X
Resolved several issues with the comparison reporting function X X X X
Released NP-View Essential X
Resolved an issue where renaming objects in Custom views was not sticky X X X
Rebranded NP-View II to NP-View Professional Desktop X
Resolved an issue where Panorama files loaded into workspace using NP-Connect were causing workspace errors X X
Resolved an issue where the Panorama connector device list was not showing all of the devices X X
Resolved an issue where the “Retrieve device list” window title showed “Connector error”, even when successful X X
Resolved an issue where topology maps for Workspaces transferred between users fail to load X X
Resolved an issue where connectors were pulling files not in the path and not updating until the next manual pull X X
Resolved an issue where the creation date of a cloned connector does not update when saved X X
Resolved multiple issues where the SMB connector failed to authenticate X X
Rebranded NP-Live to NP-View Professional Server X
Released NP-View Enterprise Limited Preview X

Ubuntu and Docker Update Packages

For customers who have installed the Ubuntu version of the NP-View OVF, this package is designed to update Docker and Ubuntu to the following versions:

- Docker version 27.1.2, build d01f264

- Kernel version 5.15.0-118-generic

- Ubuntu version Ubuntu 22.04.4 LTS

To see the complete package details, click here:

Download the update package, click here

Verify the checksum: 7D510280D6901502B7210EADC284B351F49C0AE6F40D9030A99C5A6A17B6444F

Installation Instructions

Have all users log out of NP-View Server as the update will disrupt their system use.

SSH into the NP-View server

sudo su -

cd /root/

Make an updates folder at the path of your choice.

mkdir updates

cd updates

Copy update-packages-08-14-24.zip to the updates folder on the NP-View server

unzip update-packages-08-14-24.zip

Install all packages

export DEBIAN_FRONTEND=noninteractive && dpkg -i *.deb

reboot

.zip and .deb files can be removed after reboot.

sudo su -

cd /root/

cd updates

rm *.deb *.zip
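
The checksum step and the unzip/dpkg steps above can be tied together so that nothing is unpacked or installed unless the digest matches. The script below is an added example, not part of the NP-View package; it assumes the published 64-hex-digit value is a SHA-256 digest, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: refuse to unpack or install the update package unless its
# digest matches the value published on the page.
# Assumption: the 64-hex-digit "checksum" is a SHA-256 digest.

# Values copied from the page (the checksum is printed there in upper case).
EXPECTED_SHA256="7D510280D6901502B7210EADC284B351F49C0AE6F40D9030A99C5A6A17B6444F"
PACKAGE="update-packages-08-14-24.zip"

# normalize_hex VALUE
# Strips whitespace and lower-cases the digits, so a value pasted from a web
# page compares equal to the lower-case output of sha256sum.
normalize_hex() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'A-F' 'a-f'
}

# verify_sha256 FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 when the expected value is not a
# 64-digit hex string or the file cannot be read.
verify_sha256() {
    local file expected actual
    file=$1
    expected=$(normalize_hex "$2")
    case "$expected" in
        ""|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    [ -f "$file" ] && [ -r "$file" ] || return 2
    actual=$(sha256sum < "$file") || return 2
    actual=${actual%% *}          # sha256sum prints "<digest>  -"
    [ "$actual" = "$expected" ]
}

# install_update
# The page's unzip and dpkg steps, run only after the digest check passes.
install_update() {
    local rc=0
    verify_sha256 "$PACKAGE" "$EXPECTED_SHA256" || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "refusing to install $PACKAGE (verify_sha256 returned $rc)" >&2
        return 1
    fi
    unzip "$PACKAGE" && DEBIAN_FRONTEND=noninteractive dpkg -i ./*.deb
}

# Only act when asked to, so the file can also be sourced for its functions.
if [ "${1:-}" = "--install" ]; then
    install_update
fi
```

Run it as root from the updates folder with `--install`; the reboot and the cleanup of the .zip and .deb files remain manual steps.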

Incremental Data Availability Across Workspaces and Views

When we improve a data or analysis feature or fix an issue, the improvement may not be visible until new data is ingested, or another action is taken.

New Data or Warnings identified during file parsing

When we improve a parser, upon next import, we will apply the new rules and import the new or corrected data. Only the workspace where the new file(s) are imported (manual or connector) will receive the new data. All views, in that workspace, that contain the imported device(s), will be updated with the new data.
No other workspaces will be impacted.

The impact of this is that some workspaces will have the new data, some will not, resulting in data discrepancies across workspaces. Additionally, only the devices being imported will contain the new or updated data within a view.

To ensure the entire workspace is current, users can manually re-import data into their existing workspace. Alternatively, the user can clone an existing connector to pull data into the workspace. (Note: connectors compute a checksum of each file and ignore any file that has already been imported.)

Data created during Merge / Analyze

When we improve merge (topology generation) or analyze (path creation), upon next import or the creation of a new view, we will apply the new rules. Only the views, in that workspace, that contain the new file(s), will be merged and analyzed.  All other views will not be impacted.

The impact is that some workspaces and views will have new analysis results, some will not, resulting in data discrepancies across views and workspaces.

To ensure the entire workspace is current, users can manually re-import data into their existing views or create new views.

Risks and Warnings

When we improve risk alerts, upon next import, we will apply the new policies and requirements. Only the workspace where the new file(s) are imported (manual or connector) will receive updated risks. Upon import and after the views are updated, the risk alerts will be updated. No other workspaces will be impacted.

The impact is that some workspaces will have new risk alerts, some will not, resulting in data discrepancies across workspaces.

To ensure the entire workspace is current, users can manually re-import data into their existing views or users can reset the risks for any workspace in the Policy manager which will remove all current risks and rerun the risks for that workspace.

Firewall Ruleset Representation

Overview

This section provides a primer on how to review firewall rulesets from three vendors: Cisco,  Check Point, and Palo Alto.

Cisco Ruleset Overview

An access control list (ACL) is used to filter network traffic. For an ACL to take effect, it must be bound to an interface on the device. Packets are then matched against the ACLs bound to that interface to determine whether to forward or drop a packet. A MAC, an IPv4 and an IPv6 ACL can each be bound to an interface. Multiple ACLs of the same protocol cannot be bound to the same interface; they must be combined to accomplish the desired effect.

Object Groups for ACLs let you classify users, devices, or protocols into groups and apply those groups to access control lists (ACLs) to create access control policies for those groups. This lets you use object groups instead of individual IP addresses, protocols, and ports, which are used in conventional ACLs.

The image below helps depict the interaction between Object Groups, Access Groups, Rules and Interfaces.

The Object Groups, Access Groups, Rules and Interfaces are combined into a configuration file as shown below:

NP-View reads device configuration files and can be used to review and verify the ruleset configuration using the Access Rules feature.  An example is below:

Check Point Ruleset Overview

Check Point segments security management into multiple virtual domains. Security policies can be created and privately maintained per Domain. The image below helps depict the high level interaction between domains and the domain server.

Some security rules can be enforced for all Domains. Global policies can serve as security templates with rules that are applied to many Domains, and their individualized security policies. The Security Gateway is the engine that enforces the organization’s security policy, is an entry point to the LAN, and is managed by the Security Management Server.

The interaction between domain policies, global policies and the security gateway is depicted below. Note that Global Domain rules can be run before the local Domain rules or after the local Domain rules as cleanup.

NP-View reads device configuration files and can be used to review and verify the ruleset configuration using the Access Rules feature.  An example is below:

Palo Alto Ruleset Overview

Device groups enable grouping based on network segmentation, geographic location, organizational function, or any other common aspect of firewalls that require similar policy configurations. Using device groups, the user can configure policy rules and the objects they reference. Devices can be organized hierarchically, with shared rules and objects at the top, and device group-specific rules and objects at subsequent levels. This enables the creation of a hierarchy of rules that enforce how firewalls handle traffic. The image below depicts the high level interaction between device groups, subgroups and firewalls.

This can be further broken down into the virtual system. A virtual system is an independent (virtual) firewall instance that can be separately managed within a physical firewall with its own Security policy, interfaces, and administrators.

Device Groups on Panorama allow you to centrally manage firewall policies. You create policies on Panorama either as Pre Rules or Post Rules; Pre Rules and Post Rules allow you to create a layered approach for implementing policy. You can define Pre rules and Post rules in a shared context, as shared policies for all managed firewalls, or in a device group context, to make the rules specific to a device group. Because you define Pre rules and Post Rules on Panorama and then push them from Panorama to the managed firewalls, you are able to view the rules on the managed firewalls but you can edit the Pre Rules and Post Rules only in Panorama.

  • Pre Rules—Rules that are added to the top of the rule order and are evaluated first. You can use pre-rules to enforce the Acceptable Use Policy for an organization.
  • Post Rules—Rules that are added at the bottom of the rule order and are evaluated after the pre-rules and rules that are locally defined on the firewall. Post-rules typically include rules to deny access to traffic based on the App-ID™, User-ID™, or Service.
  • Default Rules—Rules that specify how the firewall handles traffic that does not match any Pre Rules, Post Rules, or local firewall rules.
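
When reviewing a layered ruleset, the position of a rule in the file matters less than the layer it belongs to; the same applies to the Check Point arrangement above, where Global Domain rules run before or after the local Domain rules. The script below is an added example, not NP-View or Panorama code: it walks a constructed rulebase in the order Pre, local, Post, Default, assuming first-match-wins evaluation, and lists local rules that a Pre rule makes unreachable. The rule names, zones and the `RULEBASE` line format are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: layered rule evaluation (Pre -> local -> Post -> Default).
# Constructed sample rulebase, one rule per line, deliberately out of order:
#   layer|name|source zone|destination zone|service|action
RULEBASE='local|allow-corp-modbus|corp|ot|modbus|allow
post|deny-telnet|any|any|telnet|deny
pre|block-corp-to-ot|corp|ot|any|deny
local|allow-eng-ssh|eng|ot|ssh|allow
default|default-deny|any|any|any|deny'

# Shared awk helper: a rule field matches when it is "any" or equal.
AWK_HIT='function hit(want, got) { return want == "any" || want == got }'

# first_match SRC DST SERVICE
# Prints "layer name action" for the first rule that matches, walking the
# layers in evaluation order and keeping file order inside each layer.
first_match() {
    printf '%s\n' "$RULEBASE" |
    awk -F'|' -v src="$1" -v dst="$2" -v svc="$3" "$AWK_HIT"'
        { layer[$1] = layer[$1] $0 "\n" }
        END {
            n = split("pre local post default", order, " ")
            for (i = 1; i <= n; i++) {
                m = split(layer[order[i]], rule, "\n")
                for (j = 1; j < m; j++) {      # last element is empty
                    split(rule[j], f, "|")
                    if (hit(f[3], src) && hit(f[4], dst) && hit(f[5], svc)) {
                        print f[1], f[2], f[6]
                        exit
                    }
                }
            }
        }'
}

# shadowed_local_rules
# Prints "local-rule <- pre-rule" for every local rule whose three match
# fields are all covered by a Pre rule, so the local rule can never fire.
shadowed_local_rules() {
    printf '%s\n' "$RULEBASE" |
    awk -F'|' "$AWK_HIT"'
        $1 == "pre"   { pre[++p] = $0 }
        $1 == "local" { loc[++l] = $0 }
        END {
            for (i = 1; i <= l; i++) {
                split(loc[i], a, "|")
                for (j = 1; j <= p; j++) {
                    split(pre[j], b, "|")
                    if (hit(b[3], a[3]) && hit(b[4], a[4]) && hit(b[5], a[5])) {
                        print a[2], "<-", b[2]
                        break
                    }
                }
            }
        }'
}
```

In the sample, the local allow for corp-to-ot Modbus never takes effect because the Pre rule matches first, which is the kind of finding to look for when the Access Rules table shows rules from several layers side by side.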

NP-View reads device configuration files and can be used to review and verify the ruleset configuration using the Access Rules feature.  An example is below: