Hi!
We recently implemented a new product, Palo Alto Networks' TRAPS security system. This system is now blocking almost all of our NRPE traffic because it sees it as a reverse-shell exploit.
Is this a known issue? Any workarounds or config changes we should make to get this working? We are trying to get them to add exceptions but the security team says that there isn't a way to whitelist this traffic without making exceptions for each of our thousand monitors (not sure how sincere that statement is, but it is all I have to work with).
Any help is greatly appreciated!
-- josh
NRPE requests getting blocked by Palo Alto TRAPS security pr
This would be the first time I've heard about this. Is it triggering based on the actual communication or simply on port? If it's the actual traffic that it is triggering on, then one option that could work would be to encrypt the traffic: https://support.nagios.com/kb/article/n ... y-519.html and with nsclient I believe you just need to edit nsclient.ini to contain:
[/settings/NRPE/server]
ssl options = no-sslv2,no-sslv3
use_ssl = 1