How can Cisco Vulnerability Management connect to security applications or on-premise tools that are protected by a firewall?

There are several options for on-premise tools protected by a firewall. On-premise scanners that can be reached from an external host can communicate directly with Cisco Vulnerability Management. Please contact Cisco support to obtain the IP addresses that you will need to allow through your firewall. If direct access is not possible or not allowed, two options provide connectivity between your Cisco Vulnerability Management instance and your on-premise tools: the Agent and the Virtual Tunnel.

 

About the Virtual Tunnel:

The Virtual Tunnel is distributed as an image on a Linux-based (Ubuntu 14.04) OVA (VMware hardware level 8), which is usable in all modern VM hypervisors. This VM has been tested with VMware Workstation/Fusion/ESXi, Linux KVM, and VirtualBox. You must contact support@kennasecurity.com before installing the Virtual Tunnel.

For information on setting up the Virtual Tunnel, click here.

 

About the Agent:

The Agent is an image that you install on your own VM. It therefore differs from the Virtual Tunnel in that you have access to patch and maintain the image. Unlike the Virtual Tunnel, the Agent can be used at multiple physical locations, which is a common use case. The limitation of the Agent is that it currently supports only Nexpose, newer versions of Nessus (7 and up), and Sonatype. If you use connectors that are not currently supported by the Agent, including ticketing connectors, we suggest using the Virtual Tunnel.

For information on setting up the Agent, click here.

 

 
