KBI 310649 Issue Addressed: Trap Message Ignored When Node Name Is FQDN
Version
Argent for SNMP and Argent for Compliance 1308-A or below
Date
Thursday, 5 Sep 2013
Summary
Engine does IP reverse lookup for the source of trap message
It uses the NETBIOS name format by default
If the licensed node name uses Fully Qualified Domain Name (FQDN), it won’t match
As a result, the trap message is ignored
Technical Background
By design, the Argent AT Engine drops the trap message if the source IP is not licensed.
As customers may license the node by either FQDN or NETBIOS name instead of the explicit IP address, the Argent AT Engine does an IP reverse lookup in order to match the node name
For example, the trap comes from 192.168.2.105, which is utestserver.a.local in DNS.
It will work if customer licenses 192.168.2.105 or utestserver in 3.1A-1308-A or earlier
But if utestserver.a.local is used instead, the Argent AT Engine won’t find it and the following log message is generated:
04 Sep 2013 10:23:51.489 PANWS A\Administrator (4624-432) 01808 Following SNMP trap is received but its source 192.168.2.105 (utestserver) not used in production relators:...
The issue is addressed in 3.1A-1310-A
*** WARNING ***
It is essential the IP reverse lookup works correctly
This can be verified by using the ‘nslookup‘ command
Resolution
Upgrade to Argent AT 3.1A-1310-A or later