Unsupported content

 

This version of the documentation is no longer supported. However, the documentation is available for your convenience.


To improve network security and availability, BMC recommends using rules to audit network configuration standards. This section contains the following topics that describe how to manage network configuration compliance by using the BMC Network Automation environment:

 BMC Network Automation is delivered with rules that can help you get started. Some recommended rules include:

  • NTP servers
  • Syslog servers
  • Enable secret
  • Password encryption
  • Disable protocols
  • Defined access control lists should be assigned
  • SNMP community strings
  • Management ACL entries and assignment
  • OS Version

Any configuration lines or blocks in the running or startup configuration can be audited.

When implementing a configuration change using the Deploy to Active or Stored actions with the Remediate With and Remediate With All Assigned options, BMC Network Automation applies the rule sets and rules in order, sorted by name.

This enables you to control the order in which rule sets and rules are applied, to eliminate conflicting or syntactically illegal changes. For example, a device can require attribute ABC to be configured before attribute XYZ. In this case, name the rule (for example, rule name = 1-ABC) for configuring ABC so that it executes before the rule (for example, rule name = 2-XYZ) configuring XYZ.

Rule set naming works the same way. If multiple rule sets are applied to a device and order matters, name the rule sets so that name order matches the required execution order.
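The name-ordering convention above can be checked before rules are assigned. The following is an added example, not BMC code: it assumes "sorted by name" behaves like a plain character-by-character string comparison (the page does not state the exact collation), and the rule name `10-Management-ACL` and the prerequisite pairs are constructed for illustration.

```python
import re

PREFIX = re.compile(r"^(\d+)(.*)$")

def application_order(rule_names):
    # Assumption: the product's "sorted by name" is modelled here as
    # Python's default string comparison.
    return sorted(rule_names)

def prerequisite_violations(rule_names, prerequisites):
    """Return the (first, second) pairs where `first` must be applied
    before `second`, but name order applies it later."""
    position = {n: i for i, n in enumerate(application_order(rule_names))}
    unknown = {n for pair in prerequisites for n in pair if n not in position}
    if unknown:
        raise ValueError(f"unknown rule names: {sorted(unknown)}")
    return [(a, b) for a, b in prerequisites if position[a] > position[b]]

def zero_pad_prefixes(rule_names):
    """Map each name to one whose leading number is padded to a common
    width, so that string order and numeric order agree."""
    matches = {n: PREFIX.match(n) for n in rule_names}
    width = max((len(m.group(1)) for m in matches.values() if m), default=0)
    return {n: (m.group(1).zfill(width) + m.group(2) if m else n)
            for n, m in matches.items()}

# Constructed sample: the page's two rule names plus a hypothetical third.
RULES = ["1-ABC", "2-XYZ", "10-Management-ACL"]
# Each pair reads "left must be applied before right" (constructed).
PREREQS = [("1-ABC", "2-XYZ"), ("2-XYZ", "10-Management-ACL")]

def demo():
    before = prerequisite_violations(RULES, PREREQS)
    renamed = zero_pad_prefixes(RULES)
    padded_rules = list(renamed.values())
    padded_prereqs = [(renamed[a], renamed[b]) for a, b in PREREQS]
    after = prerequisite_violations(padded_rules, padded_prereqs)
    return before, application_order(padded_rules), after

if __name__ == "__main__":
    before, order, after = demo()
    print("violations with unpadded names:", before)
    print("order with padded names:", order)
    print("violations with padded names:", after)
```

Under the stated assumption, an unpadded prefix such as `10-` sorts ahead of `2-`, so a rule meant to run last would run second; padding every prefix to the same width removes that ambiguity.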