Hey All,
I had a question thrown at me today by our firewall administrator, but I can't narrow down the answer, so I am looking for help. He has noticed SNMP get requests on our Cisco ASA devices from something in the Solarwinds environment to IP addresses in the 192.168.0.1-5 range. We are currently not using these addresses, so I am not sure why they are being queried, but it seems to be occurring daily. This is triggering on our IPS so there is some concern, and he would like to reduce our signal to noise ratio. Based on the IP address and the fact that we don't use them, I am figuring this is something running with a default value, and I suspect it might have something to do with the Engineer's Toolset. Since he is the person that installed Solarwinds in our environment, I asked him about the toolset, and he said that he previously had it installed, but said he no longer did and he wasn't aware of anyone else having it.
However, I found that browser integration is turned on in the web console, and the toolset install prompt is there, so I wonder if that can have something to do with this activity. If anyone can provide any information on a possible cause, I would appreciate it.