Cybersecurity
DevOps Cloud
IT Operations Cloud
OpenText product name changes coming to the community soon! Learn more.
Network Automation (NA) detects and records device configuration changes. When a device configuration change occurs, NA downloads the configuration into its centralized repository. NA supports multiple real-time change detection and alerting systems that enable you to immediately identify what changes were made and by whom.
For devices that support user attribution via Syslog, such as Cisco IOS devices, NA extracts the username and associates it with a configuration change. If NA cannot associate the username with an NA user, a new user account is created with a randomly generated password. By default, NA appends the term “_auto” to the new user to distinguish it as auto-generated. This enables NA to report ownership for all changes, including ones made by unregistered users. NA uses several methods, including AAA accounting logs, Syslog messages, and Proxy logs to discover the author of a given configuration change.
Access Control Lists (ACLs) are part of the configuration on many devices. They filter network traffic by controlling whether forwarded packets are accepted or blocked at the router's interfaces.
In general, the definition of an ACL is a collection of configuration statements. These statements define addresses, protocols, and patterns to accept or deny. ACLs can be used to restrict the contents of routing updates and to provide network security.
NA retrieves configuration information from devices and extracts the ACL statements and applications from the configuration. NA then stores the ACLs independent of the configuration.
The Configuration Changes page enables you to view configurations that have changed. Devices that appear in red text failed a recent task. Inactive devices are indicated with an icon next to the IP address.
With configuration changes shown in different colors, you can easily scan two configurations and quickly identify the areas that have changed. Without NA to automatically identify a misconfigured device, you must manually connect to the device, call up the configuration, and identify if there is anything anomalous about it.
To view a complete list of all recent configuration changes, on the menu bar under Devices, click Configuration Changes. The Configuration Changes page opens. You can click a device to view specific device configuration information.
To view configuration changes for a specific device:
You can add or edit configuration comments by clicking the Edit Inline Configuration Comments option from the Edit menu.
A watch group is a device group of devices that are of particular interest to an NA user. The watch group is associated with a Watch Devices event rule that defines when NA should send an email notification to the NA user identified in the watch group name.
The Compare Device Configuration page displays two configurations for the same device side-by-side. Additions, deletions, and changes are highlighted in two columns with line numbers on the left. Each configuration is identified by its unique IP address and the date/time on which the configuration snapshot was taken.
To compare two configurations from different devices:
There are two ways to deploy a configuration:
For more details : https://docs.microfocus.com/doc/Network_Automation/2022.05/ManageDeviceConfigurations#About_watch_groups