At Network Perception, we have combined our vast expertise of critical asset protection with next-gen technology to guide our customers on a path to cyber resiliency.
The journey starts with establishing a clear baseline and verifying that internal risk mitigation controls are followed.
The next step consists of gaining an accurate visibility of network architecture and cybersecurity posture.
Finally, developing a continuous monitoring approach to gain velocity and adapt quickly to disruptions.
NP-View is designed to run on a Windows 10 or Windows 11 with a recommended configuration of a 10th Gen Quad Core Processor and 16GB of RAM. This configuration should be sufficient for processing large data files up to 500,000 lines. Simultaneously loading and analyzing multiple devices with larger configuration files will maximize the use of available system resources and additional RAM may be required.
Installation Process
Sign up on the Portal website to download the latest version of NP-View Desktop and to download a license key. A SHA256 checksum is supplied with each download. You can calculate the checksum on the files you download to verify the integrity of the files:
Windows Powershell: Get-FileHash /the/full/path/to/your/filename.exe | Format-List
Once installed, NP-View will automatically launch.
Allow ports for private/public network if prompted.
NP-View has been designed to run offline, which means that the network connections attempted towards a public NTP server, the local DNS server, and the Network Perception update server are optional and do not affect the system if the internet is unavailable. More information on configuring NP-View can be found here.
NP-View Desktop is a resource intensive application. For best performance, please ensure your system’s Power plan is set to High performance.
If you have administrator access, you can enable Ultimate Performance by opening the command prompt as administrator and copy paste: powercfg -duplicatescheme e9a42b02-d5df-448d-aa00-03f14749eb61 and press enter.
Windows control panel:
First Login
Upon first login, NP-View Desktop will require you to create an administrator account. Fill in the required information and click the “Create the NP-View administrator account” button. The password can be as simple or as complex as the user desires but needs to be at least 8 characters.
Local authentication is for users who wish to add an additional layer of protection. With this, the user can use whatever e-mail address and password they choose. If the user logs out of the system, the user id and password will be required upon subsequent application launches. Otherwise, the session remains open and authentication is not required.
Read and accept the user agreement.
Next, you will need to enter your license key. Once input, click the “Add license key” button.
Select your preferences for checking for automatic updates (requires internet access) and participation in our voluntary improvement program. Both selections use a slider that is default to off. To opt in, click the button and it will slide to the right. Click the save preferences button to complete.
Next click the get started button
User Menu
Access to the Help Center, License Manager, Update Manager and other administrative functions can be found on the User Menu located in the top-right corner of the Workspaces page.
Getting Started
On the Workspaces Page, NP-View provides a demo workspace as well as the ability to start creating your own workspaces. Click here to learn more about using workspaces.
Software Version
If you contact technical support, they will ask you for the software edition and version you are running. It can be found on the bottom left corner of the home screen.
Software Uninstall
To uninstall NP-View Desktop,
Windows 10/11: use the add or remove programs feature to remove the software
Use the add or remove programs feature to remove the software
Delete folder: ~AppData/Roaming/NP-View
Delete folder: ~AppData/Local/Programs/NP-View
Delete folder: ~AppData/Local/np-view-updater
Password Reset
Remove the file at the location listed below and restart the application to input your credentials.
Windows: Delete the file ~AppData/Roaming/NP-View/db/auth_provider.cfg and then restart NP-View.
License Changes / Upgrades
If you input a new license key from network perception, the user must log out and log back in for the changes to take effect. Note that the license key function is only available from the home screen (not from within a workspace).
Upload File Size Limit
NP-View enforces a maximum file size of 200MB by default. To change it, the config.ini file must be edited and the following row added: MAX_IMPORT_SIZE=<size in bytes>. For example: MAX_IMPORT_SIZE=209715200 which corresponds to 200MB.
Windows: the config.ini file can be found at: ~AppData/Roaming/NP-View/config.ini
Windows Path/File Name Length Limit
Microsoft Windows has a MAX_PATH limit of 256 characters. If the path and filename exceed 256 characters, the file import will fail.
For example: C:\Users\<username>\AppData\Roaming\NP-View\db\workspace\<np-view-user>@<workspace>\devices\<filename>
NP-View Server has been designed to be easily installed by a single person who has moderate Linux skills. This article provides step-by-step instructions on the installation process, which includes:
Provisioning a server
Downloading NP-View server
Installing NP-View server
Installing a SSL Certificate
NP-View is accessed through a web browser (Edge, Chrome, Firefox) running on a modern operating system (Windows 10 or later, macOS 11 Big Sur or later, Ubuntu 20 or later) with a recommended configuration of a 10th Gen Quad Core Processor and 16GB of RAM.
Provisioning a Server
The following table documents the CPU, memory, and disk requirements based on the number of network device configuration files monitored by NP-View server:
Number of network devices monitored
(firewall, router, switch) / concurrent users
Min. CPU
Memory
Disk Space
Up to 50 devices / 3 concurrent users
4-core
16GB
200GB
Up to 100 devices / 5 concurrent users*
8-core
32GB
400GB
Up to 500 devices / 10 concurrent users
16-core
64GB
2TB
Up to 1,000 devices / 20 concurrent users
32-core
128GB
4TB
Greater than 1,000 devices please contact support to discuss requirements.
Recommended as the minimum for most Professional Server users.
Note: loading and analyzing devices utilizes the majority of the CPU and Memory capacity. The higher the server capacity and the faster the CPU, the faster devices will load and be analyzed.
Network ports used by NP-View server
The following ports are used by NP-View server. Please ensure these ports are open on your firewall for proper communication.
Required ports:
TCP/22: SSH server to provide secure console access to the NP-Live server
TCP/443: access to NP-View Web UI through HTTPS
TCP/8443: access to NP-View connectors Web UI through HTTPS
Optional ports:
TCP/80: access to NP-View Web UI through HTTP
TCP/389: access to Active Directory / LDAP for LDAPv3 TLS
TCP/445: access to NP-View SMB Connector
TCP/636: access to Active Directory / LDAPS for TLS/SSL
TCP/8080: access to NP-View connectors Web UI through HTTP
Firewall Rules
The source IP should be the client workstation that will access NP-View and the destination IP should be the NP-View Linux server.
Downloading NP-View Server
Sign up on the Portal website to download the latest version of NP-View server and the license key. A SHA256 checksum is supplied with each download by clicking on the “show checksum” link. You can calculate the checksum on the files you download to verify their integrity:
Windows 10/11 using Powershell: Get-FileHash /the/full/path/to/your/file/name/extension | Format-List
MACOS: shasum -a 256 /full/path/to/your/file/name/extension
Installing NP-View Server
NP-View server is a Linux application. It can be installed on a virtual machine or physical hardware. There are 2 package formats available:
NP-View Virtual appliance (~2GB OVF) that works on all major hypervisor with support for the .vmdk disk format (e.g., VMWare ESXi).
NP-View Linux installer (~600MB) that works on all major Linux distributions on which Docker can be installed
The NP-View OVF uses Ubuntu Server 22.04 LTS or later. Root access is provided (see the text file provided with the .OVF) so the operating system can be periodically updated. This option should be used for new installations. The NP-View Linux installer is used to update NP-View on an existing system or for a new install on a Linux server.
Note: Network Perception does not recommend running NP-View in a double virtualized environment (Linux VM encapsulated within a Windows VM) as the operation of connectors, notifications and external interfaces can be unpredictable.
Option 1: Using the NP-View Linux Installer
Once downloaded from the portal, follow the steps below to complete the install:
Move installer to server – This may require ssh or other user account permissions
Place the file in a location you can access from the terminal
/tmp – this is a temp folder available at the root directory
/opt/np-live – this is the default NP View server root directory
You can use the “ls” command to see what is in your current directory
Log into the terminal or use SSH (Putty, PowerShell, etc.) into the Linux server
Set root level permission with the command (this will allow you type commands without adding “sudo” to each command)
sudo -I
Navigate to the directory in which the NP-View Server Linux installer was placed
Use the ls command to verify file is in this directory
Run the installer with the command (Docker must be installed before this step)
Example: sh NP-View_Full_Filename.sh (example: NP-View_Server_Linux_4.0.5-add6)
The installer will begin by checking for a running instance of Docker and internet connection
If Docker is not installed and running the installer will stop and you will have to manually install the latest version of Docker before continuing
If an internet connection is available and Docker isn’t installed, the installer will automatically download and install the latest version of Docker
If an internet connection isn’t available but Docker is installed, the installer will continue offline (Most Common Scenario)
If you are installing NP-View Server on Red Hat Enterprise Linux, use the following commands to install docker:
Prompt for default directory (/opt/np-live) We recommend keeping the default directory but it can be changed if preferred
Note: If the default directory is changed, then it will need to be edited for each new release during the installation
There will be a message once the installation is complete
Launch a browser to navigate to the NP-View User InterfaceExample of transfer with WinSCP:
Load WinSCP – It should default to this screen:
Default “File Protocol:” to SFTP
Fill in Host name, User name, and Password.
Host name would be the same as your NP-View Server IP Address
User name and Password are the same as the sudo credentials you use to log into the NP-View Server terminal.
Find the NP-View Linux Server Installer file in the left window. Then in the right window from the “root” select the “tmp” folder. Once you have completed both steps then click “Upload”.
Click Ok to complete the transfer.
Option 2: Using the NP-View Virtual Appliance
Once the Virtual Appliance OVF file has been downloaded from the portal, follow the steps below to complete set up:
Extract the .zip archive (right click on folder and choose extract all)
Import OVF into hypervisor
Update CPU/Memory/Disk Space to meet requirements stated in KB in the hypervisor settings
Open README.txt from extracted folder for credentials
Launch the appliance and log into terminal using credentials in README.txt
NP-View Server shell script will guide you through updating the NP-Live password, the root password, and to reset encryption keys
Once complete the NP menu will appear indicating the server is ready to use.
Launch a browser to navigate to the NP-View User Interface
Note: A static IP may need to be configured before utilizing the user interface.
Installing a SSL Certificate
NP-View listens on both port TCP/80 (HTTP) and TCP/443 (HTTPS). For HTTPS, it uses a self-signed SSL certificate by default. Users can also provide their own SSL certificate by simply copying a valid .pem file into the NP-View db folder. If using HTTPS, the best practice is to disable HTTP or forward HTTP to HTTPS.
The following command can be used to generate a valid .pem file:
To learn more about generating your own SSL certificate, please visit python documentation.
Please note that .pem file should include both the private key and the full certificate. If you received the private key and the certificate as two or more separate files, you can concatenate them into a single .pem file.
Setting the Virtual Appliance Time Zone
By default, the Virtual Appliance install creates the file `/opt/np-live/local-settings.yml`, set to America/Chicago. This file needs to be updated to reflect your local time zone. To change to a different time zone, log into the server using SSH and become root with the command sudo -i. You can then perform the following updates.
NP-View does not automatically delete log files, the Linux system admin may wish to schedule the above commands in a periodic CRON job to maintain optimal performance.
If server upgrade or restart issues continue to occur, please reach out to the Tech Support team.
Default Disk Encryption
As the NP-View OVF is typically installed within a secure environment, the disk is not encrypted by default for data at rest. The Linux Admin can encrypt the system drive for increased security knowing that system performance will be slightly degraded to accommodate the data decryption and encryption.
Personalize the Login Page
To add a custom message to the login page, a NP-View administrator can edit the file /opt/np-live/docker-compose.yml with the following entry in the webserver environment section: “- banner=Welcome to NP-view”
For NP-View, the file ~/Documents/np-live/config.ini can be edited to add: “banner=Welcome to NP-View”
Upload File Size Limit
When users upload a file through the Web user interface, NP-View will enforce a maximum file size which is 200MB by default. To change it, a NP-View Linux administrator can edit the file /opt/np-live/docker-compose.yml with the following entry in the webserver environment section: “- MAX_IMPORT_SIZE=209715200”. The value is in bytes, so 209715200 corresponds to 200MB.
Backing up the NP-View Server Database
Stop the NP-View Server (you can use the script /opt/np-live/stop_nplive.sh)
From the NP-View Server folder (by default: /opt/np-live/, run the command: tar -zcf db_backup_$(date '+%Y_%m_%d').tgz db (this command may take few minutes to complete)
Run the new release installer, which will update the containers and then launch NP-View Server
Complete Removal of NP-View
If you wish to completely remove NP-View from you server to start with a fresh install, perform the following steps:
Stop NP-View using the script /opt/np-live/stop_NP-Live.sh
Remove Docker containers using the command docker system prune -a as root (WARNING: this will completely reset Docker, so if non NP-View containers have been added they will be deleted as well)
Remove the NP-View folder with the command rm -rf /opt/np-live as root (WARNING: the NP-View database will be permanently deleted)
Change Management provides the Compliance Team (Compliance Officer, Compliance Analysts) with capabilities that allow for:
Transitioning from point-in-time risk assessment to 24/7 with automated notification.
Automating the change review process using ticketing system integration and sandboxing.
Leveraging “time machine” to navigate through the network evolution and compare points in time.
Transition to 24×7 Monitoring
Connectors facilitate the configuration of connections to poll devices on a schedule, importing the latest configurations for analysis and automatically analyzing the information within selected workspaces to identify changes and potential risks.
Automated change review process
Change tracking automatically records configuration changes and provides the user with the ability to review changes made to the system and review the potential impact of the changes.
Network risks related to configuration changes are identified by best practices and user defined rules in the Policy manager. When a potential risk is identified, it is logged in the “Risks and Warnings” table and assigned a criticality (High, Medium, Low) based on the identifying policy.
Notifications allow users to setup notifications based on complex rules and to have those notifications delivered to multiple services on a schedule to email, syslog or ticketing systems. Notifications can be triggered by configuration changes or network risks.
The Network Sandbox is an isolated workspace that aids network engineers and infrastructure managers with the evaluation of proposed changes to system configurations, operating system upgrades or hardware replacement without affecting the production network. Our network modeling platform provides the ability to evaluate proposed changes to network devices by importing modified configuration files, evaluating the changes against policies, best practices, and regulations, and reporting on risks and vulnerabilities. Additionally, changes can be reviewed and compared, paths and connectivity can be analyzed, compliance reports can be run and reviewed.
Comparison Analysis
Tracking changes over time provides a rich data source for analysis. Comparison Analysis allows the user to review two points in time to identify changes across the system including assets, rules, objects, and paths.
Vulnerability Prioritization provides the Network Security Team and Compliance Team with capabilities that allow users to:
Align network architecture understanding and break silos through a single pane of glass
Train first responders and harden defenses via realistic attack scenario simulation
Prioritize vulnerability mitigation faster
Network Architecture Understanding
Monitoring for indicators of compromise allows organizations to better detect and respond to security compromises. When the security team discovers a potential compromise, NP-View can assist with incident response by quickly identifying critical paths to the compromised system.
For example, critical host H-192.168.1.103-32, a database server on the network, is experiencing increased reads.
Train First Responders
Users can be trained to use NP-View to quickly assess the situation. NP-View shows each host with the inbound and outbound paths. In this example, the inbound port, 443, is the likely target for the increased database activity.
Prioritize Vulnerability Mitigation
Stepping stones are hosts in a network which could be compromised and used by malicious attackers to perform lateral movements. Attackers hop from one compromised host to another to form a chain of stepping stones before launching an attack on the actual target host.
Using the stepping stone analysis, the security team can quickly identify the paths of concern and the number of steps away from the compromised system or other important assets and can quickly prioritize a remediation plan.
The policy manager is used to execute predefined policies and requirements that trigger risk messages or format designated table reports, based on string matching logic. Default Policies and individual Requirements can be “Enabled or Disabled” by clicking the toggle button. Policies and Requirements are global in nature and changes made when in one workspace will apply to all workspaces. For example, if a Policy, Requirement, or Device is deactivated in one workspace, that update will apply to all workspaces. Risk Policies are run when new data is imported into NP-View. Table Highlight Policies are run when a modal report is opened.
Key Concepts
Using the policy manager requires the understanding of a few concepts:
Requirement A requirement contains Regex logic to trigger a message or formatting action for one use case.
Policy A policy is a collection of related requirements and does not have any logic associated with it, it is a means for categorization. Policies can be enabled or disabled.
Risks and Warnings Requirements Trigger alert messages based on Regex logic. Individual policies can be enabled or disabled and assigned to one or more devices.
Table Highlighting Requirements Formats the color of cells and text based on Regex logic. Highlighting is report specific.
Default Risks & Warnings Policies
Risk and Warnings messages, which can be found in the Risks & Warnings and Access Rules table reports, are generated using Policies and Requirements located in the Policy Manager. Default Policies and Requirements are automatically assigned to all devices when they are first imported, and run when network device configuration changes are identified.
The following default Risk alert Policies policies are provided for all Compliance modules:
Default Parser Risk Policy – triggers from logs generated during parsing of device configuration files
Default Access Rule Risk Policy – triggers from access rules
Default Policies and Requirements
+
Policy
Requirement
Risk Severity
Default Parser Risk Policy
Unnecessary EIGRP Network
Low
Broadcast traffic permission
Low
Traffic to multicast group
Low
Empty Field
Low
Unused ACL’s
Low
Unused group
Low
Mixed any and not any
Low
Unassigned interface
Low
Missing interfaces
Low
Rule following schedule
Low
Default Access Rule Risk Policy
Any in all fields
High
Any in source
Medium
Any source binding
Medium
Any source IP
Medium
Any destination
Medium
Any destination binding
Medium
Any in destination IP
Medium
Any TCP Service
Medium
Any UDP Service
Medium
Any Service Open
Medium
Default CiS Benchmark Risk Policies
CiS Benchmarks are provided as part of the Best Practices Module. CiS Benchmarks provide a powerful set of secondary policies to help identify risks within your network. CiS Benchmarks are disabled by default and must manually be enabled and assigned to devices. As noted, changes to Risk related Policies, Requirements or Devices apply to all workspaces. CiS Benchmark Policies and Requirements can be deactivated but not edited or deleted.
CiS Benchmark for Check Point
CiS Benchmark for Cisco
CiS Benchmark for Juniper
CiS Benchmark for Palo Alto
CiS Benchmark for Check Point Firewall
+
The below requirements were derived from the CiS Check Point Firewall Benchmark v1.1.0 – 06-29-2020.
Requirement
Risk Severity
Ensure ‘Login Banner’ is set
Low
Ensure CLI session timeout is set to less than or equal to 10 minutes
Low
Ensure Check for Password Reuse is selected and History Length is set to 12 or more
Low
Ensure DHCP is disabled
Low
Ensure DNS server is configured
Low
Ensure Deny access after failed login attempts is selected
Low
Ensure Deny access to unused accounts is selected
Low
Ensure Disk Space Alert is set
Low
Ensure force users to change password at first login after password was changed from Users page is selected
Low
Ensure Host Name is set
Low
Ensure IPv6 is disabled if not used
Low
Ensure Maximum number of failed attempts allowed is set to 5 or fewer
Low
Ensure Minimum Password Length is set to 14 or higher
Low
Ensure NTP is enabled and IP address is set for Primary and Secondary NTP server
Low
Ensure Password Complexity is set to 3
Low
Ensure Password Expiration is set to 90 days or less
Low
Ensure Telnet is disabled
Low
Ensure Warn users before password expiration is set to 7 days or less
Low
Ensure Web session timeout is set to less than or equal to 10 minutes
Low
Ensure Radius or TACACS+ server is configured
Low
Logging should be enabled for all Firewall Rules
Low
CiS Benchmark for Cisco ASA 8.x, 9.x Firewall
+
The below requirements were derived from the CiS Cisco Firewall Benchmark v4.1.0 – 01-16-2018. Supporting ASA 8.x and 9.x.
Requirement
Risk Severity
Ensure ‘Domain Name’ is set
Low
Ensure ‘Failover’ is enabled
Low
Ensure ‘HTTP session timeout’ is less than or equal to ‘5’ minutes
Low
Ensure ‘Host Name’ is set
Low
Ensure ‘LOGIN banner’ is set
Low
Ensure ‘MOTD banner’ is set
Low
Ensure ‘NTP authentication key’ is configured correctly
Low
Ensure ‘Password Policy’ is enabled
Low
Ensure ‘Password Recovery’ is disabled
Low
Ensure ‘SNMP community string’ is not the default string
Low
Ensure ‘SSH session timeout’ is less than or equal to ‘5’ minutes
Low
Ensure ‘TACACS+RADIUS’ is configured correctly
Low
Ensure ‘console session timeout’ is less than or equal to ‘5’ minutes
Low
Ensure ‘local username and password’ is set
Low
Ensure ‘logging with timestamps’ is enabled
Low
Ensure ‘logging’ is enabled
Low
Ensure ActiveX filtering is enabled
Low
Ensure DHCP services are disabled for untrusted interfaces
Low
Ensure DOS protection is enabled for untrusted interfaces
Low
Ensure Master Key Passphrase is set
Low
Ensure email logging is configured for critical to emergency
Low
Ensure explicit deny in access lists is configured correctly
Low
Ensure ‘trusted NTP server’ exists
Low
Ensure Enable Password is set
Low
Ensure Java applet filtering is enabled
Low
Ensure Logon Password is set
Low
Ensure known default accounts do not exist
Low
CiS Benchmark for Juniper JunOS 15.1 Firewall
+
The below requirements were derived from the CiS Cisco Juniper Benchmark v2.1.0 – 11-23-2020. Supporting JunOS v15.1.
Requirement
Risk Severity
Forbid Dial in Access
Low
Ensure VRRP authentication-key is set
Low
Ensure proxy-arp is disabled
Low
Ensure EBGP peers are set to use GTSM
Low
Ensure authentication check is not suppressed
Low
Ensure loose authentication check is not configured
Low
Ensure RIP authentication is set to MD5
Low
Ensure BFD Authentication is Set
Low
Ensure BFD Authentication is Not Set to Loose-Check
Low
Ensure SNMPv1/2 are set to Read Only
Low
Ensure “Default Restrict” is set in all client lists
Low
Ensure AES128 is set for all SNMPv3 users
Low
Ensure SHA1 is set for SNMPv3 authentication
Low
Ensure Accounting of Logins
Low
Ensure Accounting of Configuration Changes
Low
Ensure Archive on Commit
Low
Ensure NO Plain Text Archive Sites are configured
Low
Ensure external AAA is used
Low
Ensure TCP SYN/FIN is Set to Drop
Low
Ensure TCP RST is Set to Disabled
Low
Ensure Minimum Session Time of at least 20 seconds
Low
Ensure Lockout-period is set to at least 30 minutes
Low
Ensure login message is set
Low
Ensure local passwords require multiple character sets
Low
Ensure at least 4 set changes in local passwords
Low
Ensure local passwords are at least 10 characters
Low
Ensure External NTP Servers are set
Low
Ensure Strong Ciphers are set for SSH
Low
Ensure Web-Management is not Set to HTTP
Low
Ensure Web-Management is Set to use HTTPS
Low
Ensure Web-Management is Set to use PKI Certificate for HTTPS
Low
Ensure Session Limited is Set for Web-Management
Low
Ensure Telnet is Not Set
Low
Ensure Reverse Telnet is Not Set
Low
Ensure Finger Service is Not Set
Low
Ensure Log-out-on-disconnect is Set for Console
Low
Ensure Autoinstallation is Set to Disabled
Low
Ensure Hostname is Not Set to Device Make or Model
Low
Ensure Password is Set for PIC-Console-Authentication
Low
CiS Benchmark for Palo Alto 9
+
The below requirements were derived from the CiS Palo Alto Firewall 9 Benchmark v1.0.0 – 03-23-2020.
Requirement
Risk Severity
Ensure ‘Idle timeout’ is less than or equal to 10 minutes for device management’ is set
Low
Ensure ‘Login Banner’ is set
Low
Ensure ‘Minimum Length’ is greater than or equal to 12
Low
Ensure ‘Minimum Lowercase Letters’ is greater than or equal to 1
Low
Ensure ‘Minimum Numeric Letters’ is greater than or equal to 1
Low
Ensure ‘Minimum Password Complexity’ is enabled
Low
Ensure ‘Minimum Special Characters’ is greater than or equal to 1
Low
Ensure ‘Minimum Uppercase Letters’ is greater than or equal to 1
Low
Ensure ‘New Password Differs By Characters’ is greater than or equal to 3
Low
Ensure ‘Permitted IP Addresses’ is set for all management profiles where SSH, HTTPS, or SNMP is enabled
Low
Ensure ‘Permitted IP Addresses’ is set to those necessary for device management
Low
Ensure ‘Prevent Password Reuse Limit’ is set to 24 or more passwords
Low
Ensure ‘Required Password Change Period’ is less than or equal to 90 days
Low
Ensure ‘Service setting of ANY’ in a security policy allowing traffic does not exist
Low
Ensure HTTP and Telnet options are disabled for all management profiles
Low
Ensure HTTP and Telnet options are disabled for the management interface
Low
Ensure System Logging to a Remote Host
Low
Ensure alerts are enabled for malicious files detected by WildFire
Low
Ensure redundant NTP servers are configured appropriately
Low
Ensure that a Zone Protection Profile with an enabled SYN Flood Action of SYN Cookies is attached to all untrusted zones
Low
Ensure that a Zone Protection Profile with tuned Flood Protection settings enabled for all flood types is attached to all untrusted zones
Low
Ensure that the Certificate used for Decryption is Trusted
Low
Ensure valid certificate is set for browser-based administrator interface
Low
Syslog logging should be configured
Low
Risks Walkthrough
To better understand how to use the policy manager, let’s walk through an example using Risks & Warnings Policies and Requirements.
In the above image we can see the policy manager window open. The Risks & Warnings Policies tab has been selected. Below there is a dropdown that contains all the default policies available. The Default Access Rule Risk Policy has been selected.
Policy Details
When a Policy is selected we see its details on the right side of the window. Risks & Warnings Policies are device-specific and it is on this page where we can change what devices the policy applies to. If we change whether or not the Policy is enabled, or the devices included, the Policy will run on next data import or by resetting and rerunning all risk policies. Resetting and rerunning will clear all existing risks and run all the enabled Requirements within that Policy.
Requirement Details
On the left hand side, below our chosen Policy, we can see the Requirements that are included in this Policy and an icon indicating whether or not they are enabled.
In the above image we can see then information for a default Requirement, “Any Service Open”. looking at the details for this requirement we can see its name, its details, and the logic being used to trigger the Risk alert message. This requirement is an example of compound logic being used. This risk will only trigger if all three conditions are met. Conditions have four elements.
Requirement Conditions
Apply To This is the Table_Column that the logic test will be applied
Apply When If the string is found or not found
String What information the requirement is looking for in the specified table_column
Operator Used to build compound logic using and/or
Risks & Warnings Output
When a risk requirement is met, a risk alert will be generated and posted to the Risks & Warnings table as shown below:
The Access Rules table report will also display the highest criticality risk for each access rule as shown below:
Now that we know where the text comes from – let’s find out where the coloring comes from.
Table Highlighting Walkthrough
Table Highlighting Policies and Requirements work in almost the same way as Risks & Warnings, with a few key differences. The main being that it formats cells and texts instead of producing an alert message.
Access rules Default Policies and Requirements
+
Rule Name
Text Match
Action
Action – Allow or Permit or Accept or Trust
Action = Allow or Permit or Accept or Trust
‘Action’ cell = None, Text = Green
Action – Deny or Drop
Action = Deny or Drop
‘Action’ cell = None, Text = Red
Binding (ACL) – Any
ACL = Any and Action = not (deny, drop, false, ignored)
‘Action’ cell = None, Text = Red
Destination – Any
Destination = any and Action = not (deny, drop, false, ignored)
‘Destination’ cell = None, Text = Red
Destination Binding – Any
Dst Binding = any and Action = not (deny, drop, false, ignored)
‘Dst Binding’ cell = None, Text = Red
Enabled – True
Enabled = True
‘Enabled’ cell = None, Text = Green
Enabled – False
Enabled = False
‘Enabled’ cell = None, Text = Red
Enabled – Not Analyzed
Enabled = Ignored
‘Enabled’ cell = None, Text = Gray
Risk – High
Risk Criticality = High
‘Risk’ cell = White, Text = Red
Risk – Medium
Risk Criticality = Medium
‘Risk’ cell = White, Text = Yellow
Risk – Low
Risk Criticality = Low
‘Risk’ cell = White, Text = Blue
Risk – None
Risk Criticality = not (High, Medium, Low)
‘Risk’ cell = None, Text = Gray
Risk Criticality – High
Risk Criticality = High
‘Risk Criticality’ cell = Red, Text = White
Risk Criticality – Medium
Risk Criticality = Medium
‘Risk Criticality’ cell = Yellow, Text = Black
Risk Criticality – Low
Risk Criticality = Low
‘Risk Criticality’ cell = Blue, Text = White
Risk Criticality – N/A
Risk Criticality = not (High, Medium, Low)
‘Risk Criticality’ cell = None, Text = Gray
Service – Any
Enabled = true, Action = not (deny, drop), Service = ‘any to any’ and not (Ping, ICMP)
‘Source’ cell = None, Text = Red
Source – Any
Source = Any, Action not (deny, drop), Enabled = not (true, ignored)
‘Source’ cell = None, Text = Red
Source Binding – Any
Src Binding = Any, Action not (deny, drop), Enabled = not (true, ignored)
‘Src Binding’ cell = None, Text = Red
Connectivity Paths (Interactive Service Ports)
+
Rule Name
Text Match
Action
Apple Remote Desktop (ARD)
Port = 3283
‘Port’ cell = None, Text = Yellow‘Protocol’ cell = None, Text = Yellow
Database Clients (Microsoft SQL)
Port = 1433
‘Port’ cell = None, Text = Yellow‘Protocol’ cell = None, Text = Yellow
Database Clients (MySQL)
Port = 3306
‘Port’ cell = None, Text = Yellow‘Protocol’ cell = None, Text = Yellow
Database Clients (Oracle SQL)
Port = 1521 : 1525
‘Port’ cell = None, Text = Yellow‘Protocol’ cell = None, Text = Yellow
Database Clients (PostgreSQL)
Port = 5432
‘Port’ cell = None, Text = Yellow‘Protocol’ cell = None, Text = Yellow
File Explorer (NFS)
Port = 2049
‘Port’ cell = None, Text = Yellow‘Protocol’ cell = None, Text = Yellow
File Explorer (SMB)
Port = 445
‘Port’ cell = None, Text = Yellow‘Protocol’ cell = None, Text = Yellow
File Transfer Protocol (FTP)
Port = 20 : 21
‘Port’ cell = None, Text = Yellow‘Protocol’ cell = None, Text = Yellow
MIB Browser (SNMP)
Port = 161 : 162
‘Port’ cell = None, Text = Yellow‘Protocol’ cell = None, Text = Yellow
Microsoft Endpoint Mapper (EPMAP)
Port = 135
‘Port’ cell = None, Text = Yellow‘Protocol’ cell = None, Text = Yellow
Remote Desktop (RDP)
Port = 3389
‘Port’ cell = None, Text = Yellow‘Protocol’ cell = None, Text = Yellow
Secure Shell (SSH)
Port = 22
‘Port’ cell = None, Text = Yellow‘Protocol’ cell = None, Text = Yellow
Team Viewer Client
Port = 5938
‘Port’ cell = None, Text = Yellow‘Protocol’ cell = None, Text = Yellow
Terminal Emulator (Telnet)
Port = 23
‘Port’ cell = None, Text = Yellow‘Protocol’ cell = None, Text = Yellow
Trivial File Transfer Protocol (TFTP)
Port = 69
‘Port’ cell = None, Text = Yellow‘Protocol’ cell = None, Text = Yellow
UNIX r-commands (rlogin, rcp, rsh)
Port = 512 : 514
‘Port’ cell = None, Text = Yellow‘Protocol’ cell = None, Text = Yellow
Virtual Network Computing (VNC)
Port = 5900 : 5901
‘Port’ cell = None, Text = Yellow‘Protocol’ cell = None, Text = Yellow
Web Browser (HTTP, HTTPS)
Port = 80, 443, 8000, 8080
‘Port’ cell = None, Text = Yellow‘Protocol’ cell = None, Text = Yellow
Windows Remote Management Service (WinRM-HTTP)
Port = 5985 : 5986
‘Port’ cell = None, Text = Yellow‘Protocol’ cell = None, Text = Yellow
X-Server
Port = 6000 : 6063
‘Port’ cell = None, Text = Yellow‘Protocol’ cell = None, Text = Yellow
Any
Port = Any
‘Port’ cell = None, Text = Red ‘Protocol’ cell = None, Text = Red
Policy Details
On the default Policy page for Table Highlighting we can see that these Policies do not require device selection.
Requirement Details
Selecting a default Requirement for this Policy shows us the requirement details.
For a Table Highlight requirement there are a few more options that are used to target the logic for the action. First, we choose the target Table and Column that will receive the Highlighting Action. Then we choose the table and column where we want the logic to run.
Requirement Conditions
Compliance Type Table Highlighting requirements can be set to run only on certain compliance frameworks
Table The target table that the highlighting will be applied to if the logic is found.
Column The target column within the previously chosen target table, that the highlighting will be applied to if the logic is found
When String The string the requirement is searching for
Is found or not found
In Column Table_Column where the requirement is searching for the designated string
Operator And/ or for building compound logic
Highlighting Action If the conditions for the logic are met this is how the cell will be colored and how the text will be colored.
Highlighting Output
When the modal report is opened that contains a highlight policy, the rules will be automatically applied and the table highlighted accordingly.
Risk Alert Reset
Sometimes there may be a reason to need to reset the risk alerts. For this, Administrator or Workspace Admins have access to a rest function on the Risks & Warnings Policies Overview page. This action will reset all Risks and Warnings information for this workspace. After, all enabled risk policies and requirements for this workspace will be rerun.
Because Policies will be rerun after reset, at least one policy must be enabled at time of reset. Only Risks and Warnings data will be affected.
This article will focus on the Risks & Warnings Report.
NP-View uses reports to present network information related to the open workspace. These reports are available to all users and can be accessed from the main menu. For more information visit the Workspace Reports Overview article.
Accessing the Table
The Risks & Warnings Report can be accessed in two ways. with each way presenting a different data set.
From the main menu: All Risks & Warnings for all devices in the current view.
From the topology: Only Risks & Warnings for the selected device in the current view. Found by clicking a Firewall/ Router/ Switch > its info panel will open > and the user can select Risks Or Warnings from the Data for this Device section.
*From the main menu
*From the info panel
What are Risks & Warnings?
Risk and Warnings are messages generated by default Policies and Requirements in NP-View. These messages are a way of automatically detecting and notifying users of risky or problematic situations on your network. They look for certain criteria, and when found trigger the designated alert. Policies and Requirements are located in the Policy Manager (accessed from the main menu).
NP-View provides sets of default Policies and Requirements that are automatically assigned to all devices when they are imported, and run when network device configuration changes are identified.
Understanding Risks & Warnings Messages
When a potential risk or warning is identified, it will be logged logged in the Risks and Warnings report with a time and date stamp.
Status (New, Confirmed, Resolved, False Positive, Will Not Fix or Fixed). Status definitions are below.
Risk Triage, Status, and Life Cycle
For new risks or warnings, users are expected to
Review each item
Determine if the issue needs to be addressed
Then manually change the status accordingly. To change the status, double click on the status bean, change the status and click the save button.
Status Definitions:
new: new risk or warning identified in the most recent data load.
confirmed: risks or warnings that are acknowledged by the user as a valid problem to address.
resolved: risks or warnings that are closed by the user because the problem has been addressed.
false positive: risks or warnings that are closed by the user because they are not a valid problem to address.
will not fix: risks or warnings that are closed by the user because it was decided to not address them.
Example: Upon subsequent data updates, the system will adjust the status if required. For example:
If the user marks a risk as Resolved and on the next network update the risk is still identified, the status will automatically be changed to Confirmed.
If upon the next update the risk is no longer identified, the status will be changed to Fixed. Fixed items are removed from the list after a period of 7 days.
Commenting on Rules from Risks & Warnings Table
New in NP-View 5.0, the Risks table connects Risks and Warnings directly with the applicable Access Rule. Not only can the status of the Risk be updated, but a comment or justification can be left on the associated rule without ever leaving the Risks & Warnings table.
1. Open the Risks & Warnings table
2. Navigate to the Risk or Waring of your choice
3. In the “Description” column click the plus sign and open the popover for the full description
4. Click the link that says see rule
5. A filtered rules table displaying the relevant rule will open at the bottom of the window for you to investigate and/or make comments on
Risks & Warnings Columns
Time: (RISKWARNING_TIMESTAMP) Date and Time the potential risk was identified and logged.
Type: (RISKWARNING_TYPE) Risk or Warning.
Criticality: (RISKWARNING_CRITICALITY) High, Medium or Low as defined by the identifying policy and requirements.
Workspace: (RISKWARNING_WORKSPACE) Name of the workspace containing the potential risk or warning.
Device: (RISKWARNING_DEVICE) Name of the device containing the potential risk or warning.
Description: (RISKWARNING_DESCRIPTION) Description of the potential risk or warning from the policy manager
Status: (RISKWARNING_STATUS) Current status as defined above.
The Rule Usage feature helps network admins identify rules for potential elimination due to lack of use. This feature only applies to Palo Alto NGFW (not Panorama). Rule Usage Analysis (aka Hit Count) requests additional Access Rule usage information from firewalls using the connector. When setting up a new connector, the user will have the ability to enable the extraction of rule usage information:
Note that existing connectors will not be affected and cannot be edited to enable hit count data retrieval.
From the NGFW, we extract four values for each access rule:
First Hit – Timestamp of first rule usage
Last Hit – Timestamp of last rule usage
Hits Updated – Timestamp of last data refresh
Hits – Usage count
The information is presented as additional columns in the Access Rules Table. The four columns are disabled by default and will need to be enabled by the user using the menu at the top right.
Once enabled, the hit count data will be displayed in the Access rules table:
NP-View can import auxiliary data from third party systems to enrich and augment analysis. The data files listed below are supported and can be manually imported using drag and drop or through a shared network drive connector. We recommend importing configuration files first or at the same time as the auxiliary data files or a system error may occur. If auxiliary data is input after configuration files are processed, the auxiliary data will need to be added to a new or existing custom view(s) to be displayed
Host Files
Hosts can be identified from multiple sources including configuration files, network scan files, ARP tables, and hostname files. Once network device configuration files have been imported, one can import additional files to add metadata to the workspace. A hostname file is a simple text file with two columns: IP address and hostname separate by a tab.
Aux Data Loading Example
Note: This example applies to the loading of any Aux data file but is specific to creating and loading a host file.
First, load a firewall into a workspace and create a custom view with the firewall.
Notice that four hosts are not named. To fix this, create a host file, named hosts.txt, to enrich the information.
The host file will add a name tied to each of the hosts and also includes hosts not currently displayed.
Let's use 172.30.90.50 Alice 172.30.90.51 Bob 172.30.90.42 Wendy 172.30.91.80 Sam 172.30.91.81 Carl Note: Make sure any hosts added to the file do not conflict with firewall interfaces or they will be merged into the firewall.
Save the host file, and import it into the workspace.
Once processed, proceed to the “Manage Views” menu and select a new or existing view to add Auxiliary data to.
Below the Select Devices box, is the Auxiliary Data box.
Choose any of the Auxiliary Data files you've added previously. (This image is not reflective of the example but to illustrate that users may select several Aux files).
For our example a user would see a single file called hosts.txt that would contain the names we've added.
Once the the view is created the updated assets will be displayed on the topology and in the Asset Inventory (on the main menu).
To see how the previous example can be used as a repeatable process let's update those names again, with corrections.
First, update the Host file again. In this scenario, we rename “Carl” to “Carly” and “Sam” to “Sammy”. The updated file is as follows:
172.30.90.50 Alice 172.30.90.51 Bob 172.30.90.42 Wendy 172.30.91.80 Sammy 172.30.91.81 Carly
Load the file into the workspace and the custom views where auxiliary data has been applied. This will update the workspace.
Note: Host data can come from multiple sources, also hosts can appear and disappear from the network. Host data is treated as replacement data for adding and deleting hosts over time.
Note: If for some reason a device has multiple names retrieved from multiple different file types, the additional names will be displayed in the Alias column of the Asset Inventory.
Network and Vulnerability Scanner Files
The output from network and vulnerability scanners can be imported into a workspace to add CVE information, hosts, attributes, and port information to the topology map. We support version 1.0 <?xml version=”1.0″ ?> of the below scanners:
When exporting the report, it should be saved using the XML format to properly import into NP-View. The data extracted and imported depends on the scanner used and the data available on the network. Below is a list of data NP-View attempts to import.
hostnames
addresses
interfaces
local interface IP’s
local interface names
mac
domains
parent
operating systems
vlan
Multi-Home Host Files
Multi-Home hosts are endpoints that have multiple network interfaces. If NP-View identifies hosts with multiple interfaces, the host will be duplicated on the topology with each IP address. For example, the host called 'dual-homed' can be seen three times on the map below.
To resolve this, a 'multi_home_host.txt' file can be manually generated and loaded into NP-View as auxiliary data.
The file must be named 'multi_home_host.txt' and be of the following format:
192.168.135.115 dual-homed
192.168.135.114 dual-homed
192.168.135.113 dual-homed
Where the first field is the IP address and the second field is the name of the host.
When importing the 'multi_home_host.txt' and adding it to a view, the hosts will be connected as follows:
Note: The file can be named as *_multi_home_host.txt -where-*_ is anything preceding multi_home_host.txt.
For example:
tuesday_multi_home_host.txt
web_server_multi_home_host.txt
the_big_kahuna_multi_home_host.txt
Address Resolution Protocol (ARP)
ARP files can be used to add hosts as well as MAC addresses for the hosts. The following formats are supported:
Cisco
Use commashow arp to export the ARP table. The file format will be as follows:
<hostname># show arp
outside 10.0.0.100 d867.da11.00c1 2
inside 192.168.1.10 000c.295b.5aa2 21
inside 192.168.1.12 000c.2933.561c 36
inside 192.168.1.14 000c.2ee0.2b81 97
Cisco ARP Example
Using the data set from the Hosts example, a simple ARP table has been created in the Cisco format.
Distribution# show arp
inside 172.30.90.50 d867.da11.00c1 2
inside 172.30.90.51 000c.295b.5aa2 21
inside 172.30.90.42 000c.2933.561c 36
inside 172.30.91.80 000c.2ee0.2b81 97
inside 172.30.91.81 000c.2ecc.2b82 95
Distribution#
Loading this data into NP-View will add the MAC addresses to each host which is visible in Asset inventory.
Windows
Use arp -a > arp_table.txt to export the ARP table. The file format will be:
Interface: 192.168.86.29 --- 0x6
Internet Address Physical Address Type
192.168.86.1 88-3d-24-76-49-f2 dynamic
192.168.86.25 50-dc-e7-4b-13-40 dynamic
192.168.86.31 1c-fe-2b-30-78-e5 dynamic
192.168.86.33 8c-04-ba-8c-dc-4d dynamic
Linux
Use arp -a > arp_table.txt to export the ARP table. The file format will be:
? (172.18.0.3) at 02:42:ac:12:00:03 [ether] on br-d497989bc64d
? (192.168.135.200) at 00:0c:29:f6:47:bb [ether] on ens160
? (172.17.0.2) at <incomplete> on docker0
? (192.168.135.178) at 00:0c:29:f3:e2:6b [ether] on ens160
Palo Alto
Use show arp all to export the ARP table. The file format will be:
maximum of entries supported : 2500
default timeout: 1800 seconds
total ARP entries in table : 3
total ARP entries shown : 3
status: s - static, c - complete, e - expiring, i - incomplete
ethernet1/1 192.0.2.10 00:0c:29:ac:30:19 ethernet1/1 c 295
ethernet1/2 198.51.100.10 00:0c:29:d7:67:09 ethernet1/2 c 1776
ethernet1/3 203.0.113.10 00:0c:29:b9:19:c9 ethernet1/3 c 1791
Route Tables
Route files are a special case in that they provide ruleset-specific enrichment data whereas the other auxiliary files listed above provide topology-specific enrichment data.
Route table – Cisco
The output of the command show route on Cisco devices can be imported into NP-View with associated configuration files. For VRF’s, use the command show ip route vrf *. Cisco route files are handled a bit differently than the rest of the aux data as they are integrated upon import and are not considered as aux data when creating a view. Naming of the route files are not important as long as they are unique. The first row of the route file contains the <device name># command to link the route table with the correct device.
PCAP
IN V6.0 and later, PCAP and PCAPng files can be used to enrich the topology map. NP-View will add endpoints with IP's, MAC addresses and services to the topology map within a view. The max PCAP size is 200 MB per file.
Release Candidates introduce new features and go through the full QA process once a quarter. The rollout of release candidates is staged to ensure product quality.
General Releases are release candidates that have gone through field testing and any critical issues resolved before releasing to the general population. General releases typically lag release candidates by a month or more.
Release candidates generally following the below schedule: January, April, July and October
General releases do not follow a fixed schedule since they are driven by field testing and support requests.
Below is the list of releases and the features / fixes in each release. Only the most current release available to a customer will be posted on the portal.
If you have any question, please contact us at support@network-perception.com.
The release notes are also available from within the NP-View application. By clicking the version number in the lower left hand corner of the workspace screen,
the release notes can be viewed.
NP-View Desktop and Server – 2024
[6.0.1] – 2024-12-09 – General Release
+
Bug Fixes, Enhancements
Added the ability to manually create a layer 2 switch with MAC only connections using text files.
Resolved an issue where rule usage was not properly displaying for pfSense.
Resolved an issue where the NERC-CIP Report Topology Screenshot was Overriding Network Name with IP.
Resolved an issue where connectors can be set to upload to a no-longer existing workspace.
Resolved an issue where 'Network with No IP' name labels were absent after 'show only bridge groups' selected.
Resolved an issue with initial license verification during install.
Resolved an issue where Static NAT config on Cisco ASA was not recognized.
Resolved an issue where deleting a connector group does not remove scheduled tasks.
Resolved an issue where user selected endpoints are not traversing views for L2 hosts.
Resolved an issue where some address objects were being improperly translated for Palo Alto 10.1
Resolved an issue where the state of display layer 2 and verified assets check box was not used when switching views.
Resolved an issue where File Download and Files Retrieved was not populated until modal is closed and re-opened.
Resolved an issue where the topology export to PDF was not reflecting layer 2 assets.
Resolved an issue where the connector Last Run filter was not operating correctly.
Resolved an issue where topology annotation call outs are not visible on topology until page is reloaded.
Resolved an issue where MAC addresses data were not displaying in the interface table.
Resolved an issue where connectors were not running in parallel.
Resolved an issue where some Layer 2 VLAN's being displayed as gateways.
Resolved an issue where adding new Aux data removes pre-existing host descriptions and devices from zones.
Removed the account preferences page from the setup wizard.
Removed the ability to create a New Group, New Connector or Clone a Connector using the legacy connector function.
[6.0.0] – 2024-10-18 – Release Candidate
+
Bug Fixes, Enhancements
Added a new connector feature to the Desktop and Server Editions.
- The new connector supports Cisco ASA, Cisco ISO, Fortinet FortiGate, Fortinet FortiManager, Palo Alto NGFW, Palo Alto Panorama, CheckPoint, SSH, SMB and Solarwinds NCM. All other connectors have been deprecated.
- Key improvements include:
- Password manager to reuse and manage passwords across multiple connectors.
- New user workflow for creating groups and connectors.
- Automated data collection and download.
- Flexible scheduling (Server only)
- Improved runtime and scheduling status (Server Only).
- Added the option to automatically collect Layer 2 data (ARP, MAC, Interface and Routes) from Cisco ASA and IOS devices to enrich the topology map.
Added baseline support for Layer 2 visibility for Cisco IOS and ASA devices:
- Create a view that displays Layer 2 Switches, Layer 2 Networks, and Hosts from Layer 2 data from Layer 3 devices.
- Create a view that displays Layer 2 links (blue dotted lines) to layer 2 nodes when the link is known to be L2.
- Control the map from Topology Settings to display or hide Layer 2 Nodes / Links.
- Control the map to expand or collapse Layer 2 Networks and attached hosts.
- Search function to locate, highlight, and open the info panel of a Layer 2 node.
- View VLAN information on the nodes info panel.
- View Layer 2 / VLAN data in the interface table.
Added Support for Dell PowerSwitches running OS10.
Added support for Nvidia Mellanox running Onyx OS.
Added support for topology enrichment using PCAP and PCAPNG (file size up to 200 mb).
Added the ability to personalized endpoint icons.
Added the ability to annotate topology devices and endpoints.
Improved licensing support for re-adding devices, hitting the device max limit, removing all devices from NP-View and runtime errors indicating no license present.
Improved support for multi-home devices in path analysis.
Resolved an issue where compare in the Access Rules table was flagging rules that have not changed.
[5.1.3] – 2024-9-16 – Release Candidate
+
Bug Fixes, Enhancements
Resolved an issue where some device interfaces could be missing from the NERC-CIP wizard.
[5.1.2] – 2024-9-4 – Release Candidate
+
Bug Fixes, Enhancements
Resolved an issue where NP-View timestamps were always displayed in UTC.
[5.1.1] – 2024-8-30 – Release Candidate
+
Bug Fixes, Enhancements
Resolved an issue where importing Palo Alto configuration files with multi-vsys resulted in all rules not being loaded.
Resolved an issue where deleting a device from Home View did not remove the device from custom views.
Resolved an issue where the Zone Matrix was not populating all subnets.
Resolved an issue where topology search on the home view was not highlighting the device.
Resolved an issue where Path Blocking results were not clearing on ESC.
Resolved an issue where special characters in file names resulted in an unsuccessful import.
Resolved an issue where views were switching after the import of auxiliary data.
Resolved an issue where Path Highlighting to Multi-Homed hosts were not displaying properly.
Resolved an issue where a file failing to parse was sending incorrect results to the import uploaded panel.
Resolved an issue where the Asset Inventory Type column drop down filter was not displaying.
Resolved an issue where two modals were created when using Hotkeys
Resolved an issue where Importing Aux files into an NPX created Workspace breaks asset verification.
Resolved an issue where view performance degraded as more views were created.
Resolved an issue where some Aliases were being improperly cataloged for Cisco devices.
Resolved an issue where inputting the license key on a new system failed to properly register.
Resolved an issue where the workspace count was being improperly calculated and prematurely reaching the system limit.
Resolved an issue where overlapping rules were causing duplicate paths for Palo Alto devices.
[5.1.0] – 2024-7-9 – Release Candidate
+
Bug Fixes, Enhancements
Added support for multi-homed hosts (hosts with multiple NIC cards).
Added support pfSense Community Edition version 2.7.2.
Added support for Cisco VRF.
Added a feature to verify inferred hosts on the topology and asset inventory report.
Added a feature to selectively hide topology data.
Added a topology setting to hide Gateways with No IP by default.
Improved the manual data import workflow for ease of use.
Improved support for importing and adding auxiliary data to views.
Improved support for Cisco ASA contexts.
Improved the startup performance of the NP-View database.
Improved the Release Notes page.
Improved the System Log page to better utilize page real estate.
Improved the Topology Export to reflect what is shown on the topology.
Improved the NERC CIP Report Topology Snapshots to reflect what is shown on the topology.
Resolved an issue where auto generated network zone that contains a name with a period (‘.’) as one of the characters cannot be deleted.
Resolved an issue where TwiceNAT rules were not being displayed.
Resolved an issue where MAC addresses were not showing in the interface table or asset inventory table when loaded from ARP files.
Resolved an issue where we were not detecting when a Cisco ACL has Both a Src and Dst binding.
Resolved an issue where translated NAT addresses were showing up as an unmapped address.
Resolved an issue where the external route file for a Cisco device is parsed but routes are not saved.
Resolved an issue where editing the node criticality was also editing the criticality for the Zone.
Resolved an issue where processing a Fortinet with an embedded switch returned erroneous rulesets.
Resolved an issue where collapsing all nodes in a zone left an empty zone on the topology (it is now hidden).
Resolved an issue with parsing an encoded SonicWall file.
Resolved an issue where some object groups were being duplicated.
Resolved an issue for the SEL where file content shown in UI has many ***** lines that are not in the config imported.
Resolved an issue where default rules have incorrect line numbers due to empty chains/ACLs on Linux.
Removed the Explicit Deny by Default section from the Best Practice Report.
Removed (temporarily) the ability to compare two configuration files from the file viewer.
[5.0.4] – 2024-6-25 – General Release
+
Bug Fixes, Enhancements
Resolved an issue where scheduled connectors would not run unless logged into the connector group and upon logging in, all connectors were being run (server only).
Resolved an issue where some device manufacturers were being improperly displayed in the UI.
Resolved an issue where some users were prohibited from creating access rules and object groups comments when using LDAP authentication (server only).
Resolved an issue where transferring a workspace was not properly completing resulting in missing data in the info panel (server only).
[5.0.3] – 2024-5-3 – Release Candidate
+
Bug Fixes, Enhancements
Resolved an issue where the workspace report failed to generate under certain conditions.
[4.3.6] – 2024-5-2 – General Release
+
Bug Fixes, Enhancements
Improved the performance of the Cisco device parser.
Resolved an issue where the Description Field in the Access Rules table was showing duplicate data for Cisco devices.
[5.0.2] – 2024-4-25 – Release Candidate
+
Bug Fixes, Enhancements
Added a topology filter to show / hide gateways that have no IP address.
[5.0.1] – 2024-4-8 – Release Candidate
+
Bug Fixes, Enhancements
Please read the disclosure on Incremental Data Availability Across Workspaces and Views.
Improved the presentation of Vulnerabilities and Services from the info panel.
Improved NAT Rules to Show CIDR Instead of Object Group Name for Translated Address.
Improved the display of Fortinet interfaces to include the alias property.
Improved the performance when saving topology.
Improved the table highlighting for object group popovers on the access rules table.
Improved support for warnings in the risks and warnings report.
Added a connector and data parser for Claroty CDT to import assets.
Improved support for Ruggedcom RX1500 and Ruggedcom ROX devices.
Improved support for Fortinet with focus on 7.2 devices.
Improved the performance of the Cicso device parser.
Resolved an issue where L2 switch ports were being depicted as gateways.
Resolved an issue where IP addresses assigned to each L2 switch were improperly creating hosts.
Resolved an issue where Fortinet L2 VLAN’s were not set correctly for switch ports.
Resolved an issue where the nesting in a service group was not identified for Sonicwall.
Resolved an issue where exported workspaces were not visible to the Admin role.
Resolved an issue where NAT Rules were Incorrectly Showing ‘any’ as ‘Original Address’.
Resolved an issue where the Viewer role users could change device type.
Resolved an issue where the user was unable to Set Criticality for Host to None.
Resolved an issue where the Zone Segmentation Matrix was being enabled for Single Zone (requires at least two zones).
Resolved an issue where ‘ESC to clear’ banner was still present after switching views.
Resolved an issue where Summary reports were not updated with data from updated risks report.
Resolved an issue where Object Linking was not working for all Objects w/IP on the Topology.
Resolved an issue where Palo Alto Virtual Routers were being pushed as separate devices.
Resolved an issue where the Interfaces Tables in a view was not filtering out other devices in the workspace.
Resolved an issue where global objects were not properly displaying in the access rules table.
Resolved an issue where translated NAT addresses were showing up as an unmapped address.
Resolved an issue where the outbound highlighted paths were not displayed correctly.
Resolved an issue where deleting a device from the Home view was not deleting zones properly.
Resolved an issue where cancelling an analyze process could render the workspace unusable.
Resolved an issue where the Application set to ping for Palo Alto devices was generating an unnecessary risk alert.
Resolved an issue where the NERC-CIP report would not generate until after a Topology Save.
Resolved an issue where the NERC-CIP Wizard is not auto selecting EAP when attached to multiple EACMS.
Resolved an issue where comments were not retained when importing a .npx file from a version prior to 5.0.
Resolved an issue where deleting a view may make a Workspace unusable for another user (server only).
Resolved an issue where connector won’t upload to a Workspace when the Workspace is added connector creation (server only).
Moved the device delete option to the kebab menu.
Removed ‘est time remaining’ from background tasks.
[5.0.0] – 2024-2-5 – Limited Release Candidate
+
Bug Fixes, Enhancements
This release contains several database architectural changes designed to improve system performance.
During installation, a database maintenance procedure will be performed which will:
> Remove topology history from the system freeing up to 60% of database and RAM.
> Remove all pre-generated table highlights.
> Remove all pre-generated risks and warnings data.
> Path Analysis has been improved to reduce RAM usage and resolve several issues with external path analysis where not all external gateways were included in the analysis. Upon next analysis run (data import into a specific view), the analysis results will include the previously omitted paths.
*** It is strongly advised to back up your NP-View database prior to upgrade as there is no going back to a previous version otherwise.
For users of the OVF, we replaced CentOS7 with Ubuntu Server due to the pending end of life for CentOS7.
Added an Interfaces report for individual devices and workspaces.
Added a Routes report for individual devices.
Added a NAT report for individual devices.
Added a Zone Connectivity Matrix to show communication between zones.
Added a connector and data parser for Claroty CDT to import assets.
Added table highlighting to the connectivity paths table to identify interactive service ports.
> This feature must be enabled in the policy manager.
Added support for Cisco VACL’s and Static NAT from Route maps.
Added support for FortiSwitch Rugged devices.
Improved the visualization and performance of the connectivity matrix.
Improved the visualization and performance of the Risks and Warnings report and added linkage of rule risks to the access rules report.
> Note that the rule risk requirements have been updated and all previous risk alerts will be removed upon upgrade.
> It is recommended that the risks and warnings table be exported before upgrade if information is to be retained.
> Also, the comment function has been removed from the risks and warnings table, the recommendation is to use the linked rules table to add comments.
Improved the visualization and performance of the Asset Inventory report.
> The comment function has been removed from the asset inventory report.
Improved the performance of the table highlighting function.
Improved the performance and usability of the Manage Views function.
Improved the performance and usability of the zone creation and management functions.
Improved the performance and usability of the Topology Map including, loading time, expand / collapse, and stepping stone workflow.
Improved the performance and memory requirements of the external path analysis. See the KB for details of the analysis changes.
> For some customers this manifested itself as a process stuck at 93% which never finishes.
Improved support for Fortinet devices including tunnels.
Improved the performance of the save topology function.
Updated the workspace report to match the new interface, NAT, and Routes reports.
Resolved an issue with Fortinet where ISDB services used in rules were incorrectly formatted.
Resolved an issue where the Best Practice Report, Section 1.4, showed unmapped hosts.
Resolved an issue where disabling a table highlighting requirement or policy did not work.
Resolved an issue where the analysis would incorrectly discard legitimate peers from tunnel endpoints.
Resolved an issue where the analysis failed to translate fully qualified domain names nested groups.
Resolved several parsing issues with Fortinet devices.
Resolved an issue where importing host Aux Data did not import IP Addresses.
Resolved an issue where the desktop software would time out after 30 days and require reauthentication.
Resolved an issue where the desktop “Printer / PDF” function did not provide an option to Print.
Restored the workspace rename function.
Removed the comment feature from the risks and warnings and asset inventory reports.
Removed the comment count blue bubble from the topology and settings menu.
Removed the reset function for table highlighting as it is no longer needed.
Removed the SRC Criticality and DST Criticality columns from the Access Rules table due to loading performance issues.
NP-View Desktop and Server – 2023
[4.3.5] – 2023-12-20 – General Release
+
Bug Fixes, Enhancements
Resolved an issue where scheduled connectors would not run unless logged into the connector group and upon logging in, all connectors were being run (server only)
Resolved an issue where some device manufacturers were being improperly displayed in the UI.
Resolved an issue where some users were prohibited from creating access rules and object groups comments when using LDAP authentication (server only).
Resolved an issue where transferring a workspace was not properly completing resulting in missing data in the info panel (server only).
[4.3.4] – 2023-11-27 – Release Candidate
+
Bug Fixes, Enhancements
Improved support for virtual routers associated with a virtual firewall in Palo Alto devices. Note that the improved support identifies additional interfaces which will add extra computational time to path analysis.
Improved support for Routes, Static/Dynamic NAT, Route Maps and VACL’s in Cisco devices.
Improved support for tunnels in Fortinet devices.
Improved support for IPSec tunnels in both star and meshed communities in CheckPoint devices.
Resolved an issue where some ports were missing in Fortinet FTD devices.
Resolved an issue where Rule & Object IDs are being duplicated causing reporting conflicts.
Resolved an issue where FortiSwitch devices were not properly parsed.
Resolved an issue where legitimate peers from tunnel endpoints were incorrectly discarded.
Resolved an issue where importing Host Aux Data did not display IP Address for an unmapped host.
Resolved an issue where the Notification manager displayed improperly requiring a refresh to clear.
Resolved an issue where connectivity paths in excess of 100,000 rows caused a view not to load.
Resolved an issue where the system log was not using a consistent time zone for tagging events.
Resolved an issue where repetitively exporting / importing a workspace caused the file to exponentially grow in size.
[4.3.3] – 2023-9-11 – General Release
+
Bug Fixes, Enhancements
Added the capability to analyze rule usage from Palo Alto Next Generation Firewalls using the updated connector and Access Rules Table. See the Knowledgebase for details.
Resolved an issue where naming was not enforced for connectors. The connector naming is now consistent with the naming of Workspaces and Custom Views (3-24 alphanumeric, hyphen, or underscore characters). If the user edits any existing connectors with an invalid length or characters, they will need to adhere to the updated naming convention before saving.
[4.3.2] – 2023-8-28 – Release Candidate
+
Bug Fixes, Enhancements
Improved support for virtual firewalls and virtual routers in Palo Alto devices with additional support for device selection in connectors and manual import.
Improved the Cisco parser to include serial port information.
Improved device type identification for Switches and Routers.
Improved multiple parsers for preserving interface names and port ID.
Improved tunnel type identification for Fortinet devices.
Improved the coverage of address pool peering to better present tunnel peers.
Improved support for Fortinet VDOMS which have the same name on different devices.
Improved the labeling on topology hosts and network nodes to display names by default and IP addresses on hover.
Improved the real-estate usage of the workspaces page to allow for more horizontal widgets.
Improved support for multi-vsys on Palo Alto devices.
Improved the performance of the analysis engine for large config files. Depending on file size and vendor we have seen up to a 30% reduction in processing time.
Resolved an issue where the version sorting on the Compare Path history function was not in descending order.
Resolved an issue where the topology may not refresh with new devices after a connector pull.
Resolved an issue where URI reserved characters were showing as percent encoded in asset inventory.
Resolved an issue where the contents of search boxes were not saved in access rules.
Resolved an issue where Alphanumeric naming was not enforced for connectors. This allowed users to previously name connectors with not approved characters. If the user edits these connectors they will need to adhere to the updated naming convention to save.
Resolved an issue with the Connectivity Matrix not refreshing after new configs were imported.
Resolved an issue where the System Log pause or download feature did not work properly.
Resolved an issue with License and Terms where setting a device as Invisible did not work as intended.
Resolved an issue for Fortinet devices where additional paths were shown for rules with destination zones.
Resolved an issue for Fortinet devices where source and destination bindings were sometimes incorrect in the Access Rules Table.
Resolved an issue with Fortinet parsing ports.
Resolved an issue where running “Stepping Stone Analysis” from the NERC-CIP wizard broke path highlighting.
Resolved an issue where Step 4 of the NERC-CIP wizard would intermittently not load the path information.
Resolved an issue where Highlight Paths mode did not show “ESC to Clear” when paths were selected.
Resolved an issue where renaming a Workspace required a browser refresh.
Resolved an issue in the Workspace Report where the Access Rules table for Palo Alto devices was not sorting correctly.
Resolved an issue with the desktop edition where the list of exported workspaces did not persist.
Resolved an issue with the SonicWall parser which was erroring when setting binding groups.
Known issue: saving a topology with a large number of tags & criticalities can be slow.
Known issue: loading or deleting workspaces when the system contains a large number of conditionally formatted access rules can be slow.
Known issue: loading a Panorama file with multiple firewalls, vsys and virtual routers can be slow to present the device selection list.
Known issue: loading the devices from a CheckPoint R80/R81 connector for device selection can be slow due to CheckPoint API issues.
[4.3.1] – 2023-7-21 – Limited Release Candidate
+
Bug Fixes, Enhancements
Resolved an issue where NP-View Desktop would not start properly on Windows Server 2016.
[4.3.0] – 2023-7-17 – Limited Release Candidate
+
Bug Fixes, Enhancements
Added a CiS Benchmark Policy for Juniper.
Added support for rules with action trust bypassing other rules for Cisco Firepower.
Added experimental parser support for FS Switches.
Added alphabetical sorting to the connectors page.
Improved the performance of the device information panels.
Improved the performance of the Connectivity Paths Table and linked the Path Table to the Access Rules Table for visibility. Note that comments are no longer available for the Connectivity Paths table.
Improved the performance of the backend system manager and webserver.
Improved the Cisco parsing grammar to support service-object referencing IANA ports by name.
Improved the ability for the Cisco parser to identify device types.
Improved the loading animation to show status updates.
Improved the ability for parsers to detect misformatted xml files and log errors.
Updated the Service Risk Policies and Highlighting to exclude Ping.
Upgraded the NERC-CIP ERT export to v7 and the Asset Column Dropdown options in ERT > BES Table.
Resolved an issue to preserve the sequence order from the XML data for Panorama.
Resolved an issue where the criticality of hosts were not being updated in the Access Rules Table.
Resolved an issue where MAC addresses were not displaying.
Resolved an issue where internally generated NPV_ interfaces were showing in the UI.
Resolved an issue where some path highlights were missing.
Resolved an issue where Interface names in NERC CIP Wizard do not match names in Access Rules modal.
Resolved an issue where the Access Rule config line numbers were incorrect (desktop only).
Resolved an issue where the Object Groups comparison bean count didn’t match the rows in the table.
Resolved an issue where all devices from the same device group in the Panorama connector retrieve device list were not showing.
Resolved an issue where the asset call on home view returned a list of interfaces instead of assets.
Resolved an issue where historical comments for removed Access rules Object groups were not displaying in compare mode.
Removed the pin/unpin, arrange in circle and expand/collapse icons from the topology map (they are available by clicking on a node and using the kebab menu on the info panel).
[4.2.2] – 2023-5-22 – General Release
+
Bug Fixes, Enhancements
Resolved an issue where retrieve device list for the Checkpoint connector was not working.
Resolved an issue where the Risks and Warnings list in the Best Practice report did not match the Risks and Warnings Modal.
Resolved an issue where the Hostnames Node Count in Section 1.4 of the Best Practice Report was incorrect.
Resolved an issue with the NERC-CIP Excel Export where the Critical Assets Tab was displaying errors.
Resolved an issue where opening the Rules/Groups modals before the map loads causes an infinite re-render.
Resolved an issue where the Viewer Role could hide, add and delete comments in change tracking; add standard comments to access rules and object groups and can click ‘create new view’ button in Manage Views.
Resolved an issue where the Name of New View field becomes unselectable (Windows Desktop).
Resolved an issue where Workspace Report MD5 Checksums did not match the files.
Resolved an issue where some NAT Rules are missing translation in the Workspace Report.
Resolved an issue where the CheckPoint R80/R81 Connector was unable to fetch configs (Server).
Resolved an issue where selecting Generate NERC CIP Report from Summary Reports did not include Topology Screenshots.
Resolved an issue where the exported Topology Map PDF was Missing Zone Names.
Resolved an issue where the Access Rules and Object groups modals did not refresh after switching to Comparison mode.
Resolved an issue where the NERC CIP Report page becomes unresponsive and crashes the application for large views.
Resolved an issue where renaming a custom view breaks linkage to assigned zones.
Resolved an issue where Clear All Filters and Reset All Settings did not reapply the default sort order.
Resolved an issue where the number of paths in the workspace and Workspace Report did not match.
Resolved an issue with the incorrect number of in access rules for Fortinet devices.
Resolved an issue with the incorrect display of rule services for Fortinet devices.
Resolved an issue where the Access rules table was missing policies for SonicWall devices.
Improved the Cisco parser to extract radio port attributes from statement “interface dot11Radio X”.
Improved the Cisco parser to create zones from security level interfaces.
Improved the Cisco parser to create port-channel and sub-interfaces with type virtual.
Improved the Cisco parser to preserve interface names and port IDs.
Improved the Cisco parser to display a default gateway off of a BVI interface on the topology map.
Improved the Cisco parser to parse SNMP server hosts.
Improved the rendering of the Access Rules and Object Groups modal reports.
Added a table for Rules without Descriptions to the Best Practice report.
Added the ability to show NAT Rule translation “any” in workspace report.
Added a parser for the XML output of the SEL-3620.
Removed conditional highlighting from Access Rules Service column for ICMP any to any.
[4.2.1] – 2023-5-1 – Release Candidate
+
Bug Fixes, Enhancements
Resolved an issue where importing a .NPX file or access rules table with comments resulted in improper loading of the data into NP-View.
Resolved an issue where the Workspace report was not filtering the risks and warnings for the open workspace and the count of interfaces did not include hidden management networks.
Resolved an issue where the NERC-CIP report would not generate when a large quantity of access rules were present in the workspace.
[4.2.0] – 2023-4-10 – Limited Release Candidate
+
Bug Fixes, Enhancements
As of this release, the Essential Desktop and Enterprise Server editions are no longer being offered. NP-View is offered in a desktop edition for Windows and a Server edition for Linux.
Released Generation 2 of Connectivity Path Analysis which includes
Added external analysis to include devices previously contained in ‘unmapped’ into the analysis.
Improved order of operation for Cisco devices, particularly in ingress processing and egress filtering steps.
Improved handling of NAT rules, particularly the bi-directional NAT rules and twice NAT rules.
Added logic to transform destination range 0.0.0.0-0.0.0.0 to a wildcard for Cisco. This improvement can cause an increase in the number of paths for Cisco configs that use the 0.0.0.0-0.0.0.0 constructs, usually seen in wildcard permissions for web services.
Improvements in handling routes including:
Allow allocation of destination space to routes leading back to ingress.
Validation that all used routes are listed in the paths output and are unique.
Ensuring that route names are unique across devices.
Allow ranges to pass through the default route through rerouting.
Improvements to the inclusion of routes through the default interface.
Improvements in paths through gateways:
Whether the search is launched by choosing a peer or a gateway, any paths that result will have the first device in the path be the gateway and have the peer’s ID be listed as the ‘include’ on the Path EndPoint describing the start.
Limit networks launched from the gateway as a source to be dominating peers. The peer can only get back to the device (firewall) that directs routes to it.
Improved recognition and handling of border gateways.
Improved computations of VPN and tunnel paths for Cisco firewalls.
Improved computation of independent paths.
Improved the treatment of parent and child networks.
Improved NERC-CIP wizard workflow to include any:any interfaces when using external analysis.
Improved NERC-CIP report topology snapshots to include in-scope hosts.
Improved the Palo Alto and Cisco parsers to resolve specific customer issues.
Added analysis description to View Names to indicate type (standard or external) in manage views and view selector.
Added NAT table in Workspace Report.
Resolved an error for RuggedCom RX1500 performing analysis to target node.
Resolved an issue where the Rule Policy destination service ‘any’ rule triggered a risk for the any to case. The update now restricts the risk to ‘any to any’ cases.
Removed the traces function from device info panel.
Removed the single device Drilldown option from home view right click menu (use view manager).
Removed the Connectivity matrix from Info panel on Home view (still available from within custom views).
Removed the device rename option from the device info panel.
Resolved an issue where the SSH connector returns success even with a bad password when testing the connector (Server Only).
Resolved an issue where the SSH connector returns success even with a bad password (Server Only).
Resolved several access related issues to the viewer role (Server only).
[4.1.1] – 2023-3-3 – General Release
+
Bug Fixes, Enhancements
Essential Desktop
Professional Desktop
Professional Server
Enterprise Server
Resolved an issue where standard comments were missing from the Workspace Report.
X
X
X
X
Resolved an issue where renaming a Drilldown view caused the view to not load.
X
X
X
X
Resolved an issue where the criticality of Hosts was not being updated in the Access Rules Table.
X
X
X
X
Resolved an issue where Views could be created with zero devices selected.
X
X
X
X
Resolved an issue where the access rules and object groups compare function were not filtered to the active device.
X
X
X
X
Resolved an issue where disabling a standard policy was not disabling the policy.
X
X
X
X
Resolved an issue where Palo Alto host IPs were not properly linking from the Access Rules and Object Groups table.
X
X
X
X
Resolved an issue where the Export Map function was not displaying zones.
X
X
X
X
Improved loading performance of the main menu.
X
X
X
X
Resolved an issue where Palo Alto 850 VLAN interface IP Addresses are not detected.
X
X
X
X
Resolved an issue for Checkpoint R80 with Parse bond interfaces/link aggregation.
X
X
X
X
Improved support for Fortilink protocol to depict layer2.
X
X
X
X
Resolved several issues where SonicWALL configurations were not loading.
X
X
X
X
Resolved an issue where Compare Path History was erroring when loading the difference table.
X
X
X
Resolved an issue where updating a connector triggers the connector to run.
X
X
Resolved an issue where Connector Groups would not load after upgrading to 4.1.0
X
X
Resolved an issue where running an on demand connector ran all active connectors
X
X
[4.1.0] – 2023-2-10 – Release Candidate
+
Bug Fixes, Enhancements
Essential Desktop
Professional Desktop
Professional Server
Enterprise Server
Replaced the Access Rules and Object groups table reports with a new technology that provides for faster rendering and support for larger workspaces and configuration files. The new report contains upgrades for the following: comparison, comments with inline editing and history, conditional formatting, import/export, topology linking to devices. The Access rules table now supports Object group visibility and duplicated rules.
X
X
X
X
Replaced the ‘Manage Zones’ function with a new technology to improve performance.
X
X
X
X
Improved support for Fortinet devices including support for internet services in policies, hardware switches, virtual-switch blocks and the “Forti link” protocol, to depict layer 2.
X
X
X
X
Resolved issues with Cisco devices where NP-View was not identifying split tunnels and corresponding ACL and was throwing an error when parsing ipv6 object “subnet ::/0”.
X
X
X
X
Resolved an issue where Sophos v19 was not properly categorized.
X
X
X
X
Resolved several issues with the sanitizer not supporting devices properly.
X
X
X
X
Increased the default number of devices within a custom view to 25.
X
X
X
Replaced the SMB connector with a new technology that improves connector reliability and folder recursion.
X
X
Removed the polling limiters from the notification manager.
X
Resolved several issues when supporting HA pairs (Connector and Risks and Warnings).
X
[4.0.11] – 2023-1-27 – General Release
+
Bug Fixes, Enhancements
Essential Desktop
Professional Desktop
Professional Server
Enterprise Server
Resolved an issue preventing the Windows Desktop Edition from starting after installation.
X
X
Added function to manually save the topology map for admin and workspace admin user groups
X
X
X
X
Improved the parser logic and support for Fortinet devices; ISDB services in rules, objects of type ‘interface-subnet’, address group Wi-Fi address with no static IP address and Mismatched VDOM in rule/service association
X
X
X
X
Added support for dynamic filters found inside address objects for Panorama devices
X
X
X
X
Improved support for Palo Alto 850
X
X
X
X
Resolved issues where the comments don’t persist for Object Groups or Risks & Warnings reports and the comment timestamp becomes “N/A” after closing report.
X
X
X
Implement logic to provide additional granularity for session timeout and changed the default to half hour if session length is set to 0.
X
X
Improved Panorama connector logic and support for Fortinet FortiManager devices
X
X
Enhanced the Source, Destination and Service columns in the Access Rules table to display and export Object Group details
X
Added support for the licensing of active / passive HA groups for firewalls
X
Improved the comparison function for Access Rules and Object Groups
X
NP-View Desktop and Server – 2022
[4.0.10] – 2022-12-30 – General Release (Enterprise)
+
Bug Fixes, Enhancements
Essential Desktop
Professional Desktop
Professional Server
Enterprise Server
Added function to manually save the topology map for admin and workspace admin user groups
X
Improved the parser logic and support for Fortinet devices; ISDB services in rules and objects of type ‘interface-subnet’
X
Added support for dynamic filters found inside address objects for Panorama devices
X
Implement logic to handle floating point values for session length and default to half hour if session has been set to 0.
X
Fixed connector logic and support for Fortinet FortiManager devices
X
Enhanced the Source, Destination and Service columns in the Access Rules table to display and export Object Group details
X
Added support for the licensing of active / passive HA groups for firewalls
X
[4.0.9] – 2022-12-15 – General Release (Enterprise)
+
Bug Fixes, Enhancements
Essential Desktop
Professional Desktop
Professional Server
Enterprise Server
Added upgraded modal reports for Access Rules and Object Groups with improved display performance. Also includes custom meta data field capability with history and export / import and data synchronization capabilities.
X
Added the capability to create custom risks and warnings within policy manager.
X
Added the capability to create custom conditional formatting within policy manager for modal reports.
X
Improved the NERC-CIP report with better support for Palo-Alto devices and improved Access Rules modal report.
X
[4.0.8] – 2022-12-05 – Release Candidate
+
Bug Fixes, Enhancements
Essential Desktop
Professional Desktop
Professional Server
Enterprise Server
Enhanced Path Analysis table function; clicking on device name opens Access Rule modal, pre-filtered to display only the line corresponding to the IP/line/device
X
X
X
X
Improved the performance of the topology save function
X
X
X
X
Added conditional formatting to applicable sections of the NERC-CIP summary report
X
X
X
X
Added Path Block Analysis: take two hosts/ two networks/ or one host and one network and troubleshoot if the connection between is blocked, and if so why
X
X
Added new default requirements to perform conditional text and cell formatting; Action – Permit/Deny, Source – Any, Destination – Any, Service – Any, Risk – None, Risk Criticality – NA, Enabled – True/False
X
X
Improved Policy Manager functions; When creating requirements all logic rows will follow the operator of the first row; AND/OR. Invalid operators selection will be disabled in all rows but the first row.
X
X
Improved Panorama connector’s logic for device state selection in configuration manager; active / all. All includes both active/passive routing devices
X
X
Updated system logging with additional information when modifying custom fields in Access Rules or Object Groups
X
Known defects that may exist + Plan for resolution
When upgrading from previous versions (specifically v3.2.2 or v3.2.5) to v4.0.6, comment data within the Asset Inventory report from these previous versions will not be preserved nor visible in this latest version.
Note: Please be aware that there are currently no plans to provide backwards compatibility for these specific versions.
For additional information, or further questions, please reach out to support@network-perception.com
[4.0.7] – 2022-11-07 – Release Candidate
+
Bug Fixes, Enhancements
Essential Desktop
Professional Desktop
Professional Server
Enterprise Server
Fixed an issue where the Object Group table displayed internal names instead of protocols and ports for the Value column
X
X
X
X
Fixed a parsing exception and improved parsing support for HP devices
X
X
X
X
Added ability to copy standard fields for Access Rules and Object Groups
X
X
X
X
Added an “Alias” column to the interface table for Palo Alto devices
X
X
X
X
Added “Checked for Updates” to System Menu
X
X
X
X
Improved the View Manager menu to allow users to select all devices when creating a view
X
X
X
X
Improvements to the creation and navigation of Topology views
X
X
X
X
Improved support for Cisco Remote Access Tunnels
X
X
X
X
Added function to include topology snapshots to the NERC CIP report
X
X
X
X
Improved the connector logic and support for Checkpoint devices
X
X
Improved connector usability by combining the ‘Test Credentials’ and ‘Test Connector’ buttons during set up of new connector
X
X
Fixed issues that resulted in connector errors when a user clicked either the test connector or retrieve device list buttons during new set up or editing of connector
X
X
Enhanced Policy Manager functions; at-a-glance view of a policy enabled/disable state and text/styling changes on Risks & Warnings and Table Highlighting tab
X
X
Improved the connector logic and support for Panorama devices
X
X
Enhanced Policy Manager functions; custom requirement editing and cloning
X
Known defects that may exist + Plan for resolution
When upgrading from previous versions (specifically v3.2.2 or v3.2.5) to v4.0.6, comment data within the Asset Inventory report from these previous versions will not be preserved nor visible in this latest version.
Note: Please be aware that there are currently no plans to provide backwards compatibility for these specific versions.
For additional information, or further questions, please reach out to support@network-perception.com
[4.0.6] – 2022-10-06 – Release Candidate
+
Bug Fixes, Enhancements
Essential Desktop
Professional Desktop
Professional Server
Enterprise Server
Resolved miscellaneous issues in NERC-CIP report generation and export
X
X
X
X
Enhanced background task functions; clicking on active task spinner opens background task modal, clear/cancel individual tasks and vertical scroll functionality
X
X
X
X
Improved the stylings of the View Manager; added the search bar for devices, hovering over the saved custom view displays the device names included in the custom view. Added view/device counts
X
X
X
X
Implemented logic to set secure cookies never to expire for desktop edition. Set cookie expiration per customer (default = 30 days) for server edition
X
X
X
X
Optimized policy performance by running policies only when necessary. Default policies in serial instead of parallel
X
X
X
X
Improved disk recovery when there is less than 200 mb of disk available
X
X
X
X
Added “Internal” column to the Object Groups modal and resolved “Internal” Object Group filtering
X
X
X
X
Improved support for Juniper devices such as rules and groups with wildcard IP addresses, routes via multiple gateways, multiple mapped IPs in NAT rules and updated parsing of source NAT to read destination address translation and updated Juniper predefined services list
X
X
X
X
Added Strict-Transport-Security to default HTTP response headers to Web servers
X
X
Improved Panorama connector’s logic for device selection in configuration manager
X
X
Added “Manage Connectors” to System Menu
X
X
Added a “From Address” optional field in the Configure Service tab in Notification manager to override SMTP server’s rejection when a non valid email address is provided
X
X
Added a new SMB connector under Volume Share in NP-Connect; SMB Date Folder Strategy
X
Added the synchronization of metadata ‘custom fields’ across same object groups for users and workspaces
X
Introduced Policy Manager functions; Enterprise users can now create custom policies and requirements. Numerical comparison operators can now be used in custom requirement logic to find things like for example devices > zero
X
Enhanced Policy Manager functions; selecting a policy loads the content immediately, changed order of logic for new requirement and text/styling changes on Table Highlighting tab
X
Enhanced the Access Rules and Object Groups with the addition of custom fields for user generated content
X
Known defects that may exist + Plan for resolution
When upgrading from previous versions (specifically v3.2.2 or v3.2.5) to v4.0.6, comment data within the Asset Inventory report from these previous versions will not be preserved nor visible in this latest version.
Note: Please be aware that there are currently no plans to provide backwards compatibility for these specific versions.
For additional information, or further questions, please reach out to support@network-perception.com
[4.0.5] – 2022-08-25 – Release Candidate
+
Bug Fixes, Enhancements
Essential Desktop
Professional Desktop
Professional Server
Enterprise Server
Resolved an issue where the line numbers displayed in Access Rules tables did not match the configuration file imported
X
X
X
X
Improved the path analysis, including NAT and egress functions for Cisco routing devices
X
X
X
X
Improved the parsing of route-based IPsec vpn tunnels
X
X
X
X
Resolved an issue where interfaces relying on variables defined in template stacks were not properly parsed
X
X
X
X
Resolved an issue where the risk and risk category columns in the access rules table displayed null values
X
X
X
X
Known defects that may exist + Plan for resolution
When upgrading from previous versions (specifically v3.2.2 or v3.2.5) to v4.0.4, comment data within the Asset Inventory report from these previous versions will not be preserved nor visible in this latest version.
Note: Please be aware that there are currently no plans to provide backwards compatibility for these specific versions.
For additional information, or further questions, please reach out to support@network-perception.com
When updating to 4.0.5, any connectors set to “on demand” will need to be changed to a specific polling time. Once the polling time is changed to one day (recommend choosing one day or longer) and the connector is saved (update connector button), users can pause the connector and use the on demand button as usual.
Plan for resolution: This is planned to be resolved with the release of NP-View v4.0.6.
[4.0.4] – 2022-08-03 – Release Candidate
+
Bug Fixes, Enhancements
Essential Desktop
Professional Desktop
Professional Server
Enterprise Server
Improved both the parser logic and support for Cisco, Juniper, and Panorama devices
X
X
X
X
Enhanced the arrange button functionality to realign and display devices in a more user friendly visualization
X
X
X
X
Updated background task logic to calculate and display a more accurate reflection of the percent complete for a task that is processing
X
X
X
X
Enhanced smart search functionality to highlight unmapped nodes after a search for them is executed
X
X
X
X
Improved the import process to resolve the anomaly related to auxiliary data not saving when included in custom views
X
X
X
Enhanced the import process to resolve the anomaly related to device interfaces being misappropriately excluded
X
X
Resolved an issue where users could not view Access Rules data within the info panel when installing NP-Live with Radius authentication
X
X
Improved the connector logic and support for Checkpoint R80 devices
X
X
Resolved an issue where no path details were displayed when reviewing inbound connectivity through a zone
X
Known defects that may exist + Plan for resolution
When upgrading from previous versions (specifically v3.2.2 or v3.2.5) to v4.0.4, comment data within the Asset Inventory report from these previous versions will not be preserved nor visible in this latest version.
Note: Please be aware that there are currently no plans to provide backwards compatibility for these specific versions.
For additional information, or further questions, please reach out to support@network-perception.com
After importing data for Cisco or FortiGate devices (v6 and v7), the associated Risks & Warnings that generate afterwards are intermittently pointing users who further review them to non-corresponding locations in the provided config files. Also, for Cisco devices specifically, the associated Risks that generate afterwards are displaying duplicate data.
Plan for resolution: This is planned to be resolved with the release of NP-View v4.0.5.
After running table highlighting policies, fields that do not display data under the Risk and/or Risk criticality columns within the Access Rules report are being highlighted erroneously.
Plan for resolution: This is planned to be resolved with the release of NP-View v4.1.0.
[4.0.3] – 2022-07-05 – Release Candidate
+
Bug Fixes, Enhancements
Essential Desktop
Professional Desktop
Professional Server
Enterprise Server
Updated NP-View Essential Desktop to include correct compliance module based on license key
X
Fixed an issue where the compliance framework did not appear when creating a new workspace after NP-View Desktop was restarted
X
Enhanced false positive risks/warnings displayed for Palo Alto Intrazone Routing
X
X
X
X
Fixed an issue where the Workspace Report displayed internal names instead of interface names for the binding/source/destination and service columns in the Access Rules section
X
X
X
X
Fixed an issue where the size of the devices was difficult to view on the topology map due to an auto zoom out in existing workspaces
X
X
X
X
Fixed an issue where importing Palo Alto configuration files was displaying duplicate devices
X
X
X
X
Improved parser and categorizer support for Panorama interfaces
X
X
X
X
Fixed an issue where the topology map was not centered when exporting the topology map to Visio or pdf
X
X
X
X
Fixed an issue where the incorrect nodes were displayed for device interfaces
X
X
X
X
Fixed an issue where the radial buttons to unpin/pin, collapse, and arrange peers did not appear after clicking on a specific node
X
X
X
X
Added Best Practice Report to the Summary Report function within the NERC-CIP and PCI Workspaces when the Best Practice Module is licensed
X
X
X
X
Enhanced view menu panel functionality so that it no longer auto closes after saving an edited custom view
X
X
X
X
Enforced naming parameters when creating/renaming custom views, workspaces, and zones
X
X
X
X
Fixed an issue where zone criticality colors were misapplied to Auto Generated Zones
X
X
X
X
Fixed the Panorama configuration file notification messaging that previously indicated to users 0 devices were imported to now indicate and display the successfully imported devices
X
X
X
X
Improved Panorama configuration file parsing to optimize the display of the correct device names
X
X
X
X
Fixed an issue where unconfigured vsyses Panorama firewalls were not being filtered out and displaying as additional devices on topology map
X
X
X
X
Removed hostname column from Asset Inventory
X
X
X
X
Fixed an issue where the display of the count of the number of dependents under a given network within the info panel was incorrect.
X
X
X
X
Fixed an intermittent issue where importing configuration files over 20 MB caused the application to lag and not execute import processes
X
X
X
X
Added SMB-Legacy and SSH connectors
X
Fixed an issue where connectors were not functioning as expected after resolving all previously identified errors
X
X
Added the Field Names (listed below) to the SSH Connector Type. These include: Path on Remote Host, Authentication, File name include filter, File name exclude filter and File Description Key
X
X
Increased the width of the display bubble that shows Checkpoint and FortiManager connector types so that text no longer exceeds past the end of bubble
X
X
Resolved an issue where on demand connectors were rerunning upon server restart
X
X
Enhanced connector related authentication
X
X
Fixed an issue that was resulting in connector errors when a user clicked either the test connector, test credentials, or retrieve device list buttons during set up
X
Resolved an issue where a false positive warning message displayed within the new connector setup window and indicated that no device list was retrieved upon creating a Panorama connector
X
Improved messaging that indicates successful connection when adding a new connector and testing connector credentials
X
Fixed an issue where clicking on “Generate NERC CIP Report” now displays the report in the same tab and no longer in a new one for NP-View Server Tab
X
Fixed an issue where the ability to add comments to devices with no comments was previously disabled when comparing data in Access Rules
X
Fixed an issue where not all Default Policies and Table Highlighting dropdown options were appearing within Policy Manager
X
Fixed an issue where the topology map did not update when adding a new connector within a new workspace
X
Fixed an issue where clicking the escape button did not close the Policy Management screen
X
[4.0.2] – 2022-06-07 – Release Candidate
+
Bug Fixes, Enhancements
Essential Desktop
Professional Desktop
Professional Server
Enterprise Server
Increased the view limit from 1 to 15 to NP-View Essential
X
Resolved an issue where the Export function was missing on the Essential/Professional desktop edition in 4.0.0
X
X
Rebranded the naming of the diagnostic download files from NP-Live to NP-View
X
X
X
X
Resolved miscellaneous issues in the NERC-CIP Wizard
X
X
X
X
Improved the usability of the workspace page; disable Add Workspace button when limit has been reached and provide error message when limit has been reached
X
X
X
X
Added title to ALL table components in the NERC-CIP Reports when exporting to Excel
X
X
X
X
Resolved an issue where the NERC-CIP Wizard displayed mismatching data
X
X
X
X
Resolved an issue where the Auto Generate Zones doesn’t work
X
X
X
X
Updated the Category color for “CIP: Protected Cyber Asset” from red to orange
X
X
X
X
Resolved an issue where multiple interfaces had the same IP Address when running the NERC CIP Wizard
X
X
X
X
Resolved an issue where updating licenses is not updating with the new license data
X
X
X
X
Resolved issues with the SolarWinds Connector Device List
X
X
Resolved an issue with the Splash Page on NP-View Desktop 4.0.0 missing logo
X
X
Removed the Compared Results column from Access rules table due to new comparison function
X
X
X
X
Resolved an issue where importing a NP-View Java project with customized fields, where missing after import into NP-View
X
X
X
Improved the usability of the NERC-CIP Report; fixed blank web pages and console errors
X
X
X
X
Resolved an issue where the Sidebar was stuck in loading after a new local install on a new workspace
X
X
Resolved an issue where user could not create a custom view from selection (right click)
X
X
X
Resolved an issue where labels added where stacking on top of each other during NERC-CIP wizard process
X
X
X
X
Resolved an issue where the Enterprise license can’t create additional views
X
[4.0.1] – 2022-5-25 – General Release
+
Bug Fixes, Enhancements
Essential Desktop
Professional Desktop
Professional Server
Enterprise Server
Resolved an issue where the NERC-CIP report had an issue loading the EACMS section.
X
X
X
X
Resolved an issue where the NERC-CIP Wizard displayed mismatching data.
X
X
X
X
Resolved an issue with the license downgrade function on Windows desktop.
X
X
Resolved an issue where the Viewer role could change category tagging.
X
X
[4.0.0] – 2022-5-19 – Release Candidate
+
Bug Fixes, Enhancements
Essential Desktop
Professional Desktop
Professional Server
Enterprise Server
Added MAC categorization support
X
X
X
X
Added parser and categorizer support for transparent cisco interfaces
X
X
X
X
Added parsing support for Transparent Firewall format of Cisco MAC Table
X
X
X
X
Added support for “fortilink” protocol to depict layer 2
X
X
X
X
Added the ability to rename views
X
X
X
X
Added the ability to rename workspaces
X
X
X
X
Improved the “Created by and Updated by” fields in the Asset Inventory table to reflect the source file names.
X
X
X
X
Improved the selection of devices on the topology to add Ctrl for single device selection
X
X
X
X
Improved the usability of the Access Rules and Object Groups reports
X
X
X
X
Improved the Workspace and Best Practice Summary Reports to reflect the current view
X
X
X
X
Redesigned the NERC-CIP report and wizard
X
X
X
X
Resolved a ‘bool’ object has no attribute ‘keys’ attribute error for Juniper
X
X
X
X
Resolved a Regex issue with Risks and Warnings default policy
X
X
X
X
Resolved an issue for Palo Alto SERVICE group translation
X
X
X
X
Resolved an issue where .NPV files failed to load
X
X
X
X
Resolved an issue where Cisco routing tables were not matching routes
X
X
X
X
Resolved an issue where conditional formatting was not being run after import of .NPV file.
X
X
X
X
Resolved an issue where disconnected topology assets would be repositioned on data update
X
X
X
X
Resolved an issue where rerunning conditional formatting was not updated the modal reports
X
X
X
X
Resolved an issue where rulesets have ambiguous association of BINDING groups to INTERFACE for PanOS
X
X
X
X
Resolved an issue where the Risks And Warning were not showing on the Best Practice report
X
X
X
X
Resolved an issue where the system allocated another license if the device name is changed.
X
X
X
X
Resolved several issues with the comparison reporting function
X
X
X
X
Released NP-View Essential
X
Resolved an issue where renaming objects in Custom views was not sticky
X
X
X
Rebranded NP-View II to NP-View Professional Desktop
X
Resolved an issue where Panorama files loaded into workspace using NP-Connect were causing workspace errors
X
X
Resolved an issue where the Panorama connector device list was not showing all of the devices
X
X
Resolved an issue where the Retrieve device list” window title shows “Connector error”, even when successful
X
X
Resolved an issue where topology maps for Workspaces transferred between users fail to load
X
X
Resolved an issue where connectors were pulling files not in the path and not updating until the next manual pull
X
X
Resolved an issue where the creation date of a cloned connector does not update when saved
X
X
Resolved multiple issue where the SMB connector failed to authenticate
For customers who have installed the Ubuntu version of the NP-View OVF, this package is designed to update Docker and Ubuntu to the following versions:
When we improve a data or analysis feature or fix an issue, the improvement may not be visible until new data is ingested, or another action is taken.
New Data or Warnings identified during file parsing
When we improve a parser, upon next import, we will apply the new rules and import the new or corrected data. Only the workspace where the new file(s) are imported (manual or connector) will receive the new data. All views, in that workspace, that contain the imported device(s), will be updated with the new data. No other workspaces will be impacted.
The impact of this is that some workspaces will have the new data, some will not, resulting in data discrepancies across workspaces. Additionally, only the devices being imported will contain the new or updated data within a view.
To ensure the entire workspace is current, users can manually re-import data into their existing workspace. Alternatively the user can clone an existing connector to pull data into the workspace (Note: connectors perform a checksum to see if a file has already been imported and ignore it if we have imported it already.)
Data created during Merge / Analyze
When we improve merge (topology generation) or analyze (path creation), upon next import or the creation of a new view, we will apply the new rules. Only the views, in that workspace, that contain the new file(s), will be merged and analyzed. All other views will not be impacted.
The impact is that some workspaces and views will have new analysis results, some will not, resulting in data discrepancies across views and workspaces.
To ensure the entire workspace is current, users can manually re-import data into their existing views or create new views.
Risks and Warnings
When we improve risk alerts, upon next import, we will apply the new policies and requirements. Only the workspace where the new file(s) are imported (manual or connector) will receive updated risks. Upon import and after the views are updated, the risk alerts will be updated. No other workspaces will be impacted.
The impact is that some workspaces will have new risk alerts, some will not, resulting in data discrepancies across workspaces.
To ensure the entire workspace is current, users can manually re-import data into their existing views or users can reset the risks for any workspace in the Policy manager which will remove all current risks and rerun the risks for that workspace.
This section provides a primer on how to review firewall rulesets from three vendors: Cisco, Check Point, and Palo Alto.
Cisco Ruleset Overview
An access control list (ACL) is used to filter network traffic. For an ACL to take effect, it must be bound to an interface on the device. Packets are then matched against the ACLs bound to that interface to determine whether to forward or drop a packet. A MAC, IPv4 and IPv6 ACL can be bound to each interface. Multiple ACL of the same protocol cannot be bound to the same interface, they must be combined to accomplish the desired effect.
Object Groups for ACLs lets you classify users, devices, or protocols into groups and apply those groups to access control lists (ACLs) to create access control policies for those groups. This lets you use object groups instead of individual IP addresses, protocols, and ports, which are used in conventional ACLs.
The image below helps depict the interaction between Object Groups, Access Groups, Rules and Interfaces.
The Object Groups, Access Groups, Rules and Interfaces. are combined into a configuration file as shown below:
NP-View reads device configuration files and can be used to review and verify the ruleset configuration using the Access Rules feature. An example is below:
Check Point Ruleset Overview
Check Point segments security management into multiple virtual domains. Security policies can be created and privately maintained per Domain. The image below helps depict the high level interaction between domains and the domain server.
Some security rules can be enforced for all Domains. Global policies can serve as security templates with rules that are applied to many Domains, and their individualized security policies. The Security Gateway is the engine that enforces the organization\’s security policy, is an entry point to the LAN, and is managed by the Security Management Server.
The interaction between domain policies, global policies and the security gateway is depicted below. Note that Global Domain rules can be run before the local Domain rules or after the local Domain rules as cleanup.
NP-View reads device configuration files and can be used to review and verify the ruleset configuration using the Access Rules feature. An example is below:
Palo Alto Ruleset Overview
Device groups enables grouping based on network segmentation, geographic location, organizational function, or any other common aspect of firewalls that require similar policy configurations. Using device groups, the user can configure policy rules and the objects they reference. Devices can be organized hierarchically, with shared rules and objects at the top, and device group-specific rules and objects at subsequent levels. This enables the creation of a hierarchy of rules that enforce how firewalls handle traffic. The image below depicts the high level interaction between device groups, subgroups and firewalls.
This can be further broken down into the virtual system. A virtual system is an independent (virtual) firewall instance that can be separately managed within a physical firewall with its own Security policy, interfaces, and administrators.
Device Groups on Panorama allow you to centrally manage firewall policies. You create policies on Panorama either as Pre Rules or Post Rules; Pre Rules and Post Rules allow you to create a layered approach for implementing policy. You can define Pre rules and Post rules in a shared context, as shared policies for all managed firewalls, or in a device group context, to make the rules specific to a device group. Because you define Pre rules and Post Rules on Panorama and then push them from Panorama to the managed firewalls, you are able to view the rules on the managed firewalls but you can edit the Pre Rules and Post Rules only in Panorama.
Pre Rules—Rules that are added to the top of the rule order and are evaluated first. You can use pre-rules to enforce the Acceptable Use Policy for an organization.
Post Rules—Rules that are added at the bottom of the rule order and are evaluated after the pre-rules and rules that are locally defined on the firewall. Post-rules typically include rules to deny access to traffic based on the App-ID™, User-ID™, or Service.
Default Rules—Rules that specify how the firewall handles traffic that does not match any Pre Rules, Post Rules, or local firewall rules.
NP-View reads device configuration files and can be used to review and verify the ruleset configuration using the Access Rules feature. An example is below: