1 2 Previous Next


18 Posts

AppInternals “Agent Collector”


As applications and infrastructure evolve to the cloud and to a more exposed environments, architects and developers have to adapt their design to cope with the challenges that come with this change.


AppInternals users have increasingly asked for an agent collector, often also called agent aggregator. Those users are generally looking for solutions to cope with security constraints, as deploying App servers on a DMZ, or AppInternals Analysis Server (A.S.) on a DMZ.


There are several reasons to have a collector:

  • To simplify access and control (single point of access)
  • To secure the App server
  • To secure AppInternals Analysis Server
  • To simplify deployment and config (add only 1 firewall rule)
  • To comply with regulations (where is your monitoring sensitive data sitting?)

Just to mention a few.


This post/article describes the step-by-step process to setup a collector based on a freshly installed Linux box. We are using Centos 7 for the Linux install base and nginx for the reverse proxy software.


The typical use case of reverse proxy is the 1:N or N:N approach, where one or several users try to access a resource that is either protected or load balanced by the reverse proxy, as depicted below:


The deployment we are looking for, is the opposite of this typical deployment. The agents will point to the reverse proxy, which will then forward to the AppInternals A.S., in a N:1 approach.




Squid vs nginx: forward vs reverse proxy


AppInternals agents introduced support for proxy servers on version 10.8, which can respond to a number of challenges cited, but still AppInternals admin continue to ask for a sort of aggregator that could be used as an intermediate collector in front of AppInternals A.S.


The reverse proxy has its own use-case that forward proxy cannot address. The objective of this post is not to lecture on proxy, but very briefly these are some of the reasons to choose reverse over forward proxy:

  • Single point of control

A rendez-vous point for AppInternals agents. Only 1 IP to change on firewall makes the administration easier. An open linux box allows the AppInternals admin filter who can use it to reach the A.S.

  • Centralized config

If you change your A.S. hostname, or need to migrate, you just change the reverse proxy config, no need to touch the agent config. This is a big advantage of reverse proxy when compared with forward proxy solutions. The forward proxy do the aggregation of traffic, but the agent holds the A.S. hostname/IP.

  • Simplified config

Reverse proxy offers a much simpler approach to limit web access only to a single address or web resource. That it is what it is meant to do. Forward proxy can also filter the content, but it seems that the setup is a much more convoluted than the reverse proxy.


Note that reverse proxy is not a one-fits-all solution, there are disadvantages, for example, no easy way to implement authentication.


Typical Architecture


On our lab environment was thought to answer users/admins requests. A common scenario brought to us is a DMZ architecture to make easier to manage firewall, as below:


This setup allows network admins to add 1 firewall rule only *once* for the nginx instead constantly managing rules for each server IP.


The other scenario often used that helps servers, which cannot access the internet. to send data to AppInternals on SaaS. See below:



Another typical deployment is to protect the Analysis Server in your Data Center, and use the reverse proxy to aggregate all the agent connections, located on DMZ or cloud, to send it to AppInternals A.S. on the Data Center.





As mentioned, we are using CentOS 7 as base, but any version should work, what will change is the yum repository config, and how you start and enable services. The details on how to perform tasks around yum and nginx install are widely covered on internet and is out of the scope of this how-to.


In our example, the reverse proxy hostname is vip.mlab.loc and the port is tcp/8443.


NGINX config:

On CentOS 7, the config file is located at:



The structure of this file comes by default with Centos. We will only change the content of the tag http{…}.

You will add the following:


    upstream aia-saas {

        server AS-IP:443;

        keepalive 15;


    server {

        listen 8443 ssl http2 default_server;

        server_name  _;


        ssl_certificate "/etc/pki/nginx/nginx.crt";

        ssl_certificate_key "/etc/pki/nginx/nginx.key";

        ssl_session_cache shared:SSL:1m;

        ssl_session_timeout  1d;

        ssl_ciphers HIGH:!aNULL:!MD5;

        ssl_prefer_server_ciphers on;


        location / {

            proxy_pass https://aia-saas;

            proxy_http_version 1.1;

            proxy_read_timeout 1d;

            proxy_send_timeout 1d;

            proxy_set_header Upgrade $http_upgrade;

            proxy_set_header Connection "upgrade";

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;





Replace the AS-IP with the IP of your AppInternals Analysis Server (A.S.). This is the IP address that nginx will use to forward requests coming on tcp/8443, which is defined on the config listen, under the config block server{…}. See above:


As you may have realized, a self-signed certificate was generated for nginx. This is the openssl command for this:

$ openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:2048 -keyout nginx.key -out nginx.crt


And put those files onto the folder according to what was specified on the nginx.conf (see above): /etc/pki/nginx/.


AIA Agent config:

On the AppInternals agent side, this is the config that needs to be done for an on-premises A.S.:


        <Attribute name="AnalysisServerHost" value="vip.mlab.loc"/>

        <Attribute name="AnalysisServerPort" value="8443"/>


If you care to do the same for the SaaS A.S., there is just 1 line to be added:


<Attribute name="SaaSAnalysisServerEnabled" value="true"/>

<Attribute name="SaaSAnalysisServerHost" value=" vip.mlab.loc "/>

<Attribute name="SaaSAnalysisServerPort" value="8443"/>


Note that for the SaaS config there is a preceding SaaS mention on the config. When the config statement SaaSAnalysisServerEnabled is ‘true’ the agent ignore the AnalysisServerHost statement and only use the SaaSAnalysisServerHost config instead. The same will happen for the port config, the AnalysisServerPort will be ignored and SaaSAnalysisServerPort.


Remember to keep the original SaaS Server hostname that comes by default, below:

        <Attribute name="SaaSAnalysisServerHost" value="collector-1.steelcentral.net"/>

To use it for the nginx config.


If you want to use the forward proxy, this is the config to be changed

        <Attribute name="ProxyServerEnabled" value="true"/>

        <Attribute name="ProxyServerHost" value="proxy.mlab.loc"/>

        <Attribute name="ProxyServerPort" value="3128"/>


Check out Golan's reponse to this splash question that explains extensively all the knobs to troubleshoot a proxy config. Note that the forward proxy config is irrespective of the  agent using SaaS or on-premises A.S.

Watch this great video detailing how to generate and upload a sysdump from AppResponse 11.




Great video about  Riverbed Modeler Academic Edition - Licensing and Installation

Riverbed Modeler Academic Edition - Licensing and Installation - YouTube

Watch this great how to video showing how to import traces into SteelCentral Transaction Analyzer.



The big news of the NetProfiler 10.11 release is that we doubled the flow capacity. Yes, a 100% increase - from 10 million dedeuplicated flows per minute (FPM) to a whopping 20 million deduped FPM. This equates to 200 million raw flow per minute.


We also made a number of tweaks that resulted in significant performance advancements in query, I/O and reporting. But the real news is that we've been consistently making performance improvements for the past three releases and these gains are really starting to add up.


SteelCentral Flow Gateway Buffering provides data resiliency whenever there is loss of connectivity between the Flow Gateway and NetProfiler or when the NetProfiler is down. Flow Gateway temporarily stores flows on its hard drive until connectivity is restored and the flows can again be delivered to NetProfiler. When connectivity is restored, on-time flows take priority over buffered flows.


Expanding on the recent theme of menu integrations, NetProfiler 10.11 offers a more directed right-click menu option for SteelCentral AppResponse 11. Now when you right click any dashboard and UI widget with Hosts, you get a choice of AppResponse 11 appliances and then a choice of module -- either ASA, WTA, DBA. The link takes you to the Insights page for the selected modules.


NetProfilers 10.11 adds several other usability enhancements, including:

  • The ability to search for interfaces on the Navigate Network Page
  • Moving the Manage Preferred Interface List to Interface Groups
  • Ability to send and receive AppResponse 11 and NetShark flows on AUX
  • Dashboard permission changes

In this release of SteelCentral AppResponse, version 11.1.0, we introduced brand new products and features, in addition to the expected parity features that continue to fill out the AppResponse 11 capabilities.



The AppResponse 2200, 3300, 3800 models can now all upgrade to AppResponse 11. This allows these Hawk boxes to get all the new AppResponse 11 capabilities and modules without a forklift trade up. (The rest of the line will be coming soon!) However, while the upgrade process is destructive, we have created a couple of tools to help smooth things along. The first creates an AppResponse archive VM for your 9.x data. This allows you to refer to your past data but does not allow collection. This is available for both pre-AppResponse 11 upgrades & trade-ups. The second is an Import script for Business Groups and applications configurations, which allows this data to be moved to AppResponse 11 and translated to the appropriate new terminology. For example Business Group to Host Group.


The new, high-end packet capture appliance, SteelCentral AppResponse 8170, is our highest performing and offers an incredible 1.152 PB (that’s petabyte) of storage and double the RAM for increased processing. The 8170 is considered limited availability; which means the hardware is rock solid, but the software is beta and is still being tweaked in order to reach its fullest potential.


SteelCentral Transaction Analyzer Plus (TAP) not only bundles SteelCentral Packet Analyzer Plus with SteelCentral Transaction Analyzer for free, but the cost of Transaction Analyzer Plus has been reduced to $40K to make this transaction analysis and performance prediction tool more affordable for everyone.



AppResponse 11 integrates with SteelCentral Portal. AppResponse is supported on Portal version 1.5.0. With support for application information, connection requests, host groups, connection problems, and top talkers, this enhancement advances SteelCentral’s ability to manage application-aware network performance monitoring as an integral component of Portal’s blended performance management.


New Modules and Other Features

The Database Analysis (DBA) module is an optional module for SteelCentral AppResponse11 for network-based database monitoring. It’s now natively embedded into AppResponse and monitors database transactions and user activity 24x7. Watch the video.


TruePlots are scatter plots showing a metric over time. For example, it can be actual page time measurements for an individual page view or database transactions. The value of TruePlot is that it helps you easily highlight trends and anomalies.


Finally, there’s RADIUS and TACACS+ authentication, which gives AppResponse 11 users and administrators single sign on and new ways to interact with the Web UI.


So, as you can see, the AppResponse engineers were very busy these past few months cranking out great new capabilities for you to use to quickly solve network, application and database performance issues. For more information about these or other AppResponse 11 capabilities, please ask your Riverbed sales representative or partner.

SteelCentral NetProfiler 10.9.5 includes new features that improve integration with SteelCentral AppResponse 11, new ways to create custom application definitions and performance improvements. Reports now run up to 25% faster and pages load faster for flow log configurations and system information. This provides a better user experience and speeds problem resolution.


With this release, SteelCentral NetProfiler, SteelCentral NetExpress and SteelCentral Flow Gateway can now receive flow data from SteelCentral AppResponse 11. Naturally, any data sent from an AppResponse 11 can then be accessed via the click-to-packet feature from NetProfiler reports. Also as a result of this feature, NetProfiler users can auto-recognize more than 1300 applications and they have some of the fastest troubleshooting available, allowing them to go from high-level dashboard views to packets (i.e., the answers) in just a few clicks. In addition, AppResponse 11 can synchronize with NetProfiler application definitions.


We also changed the way you define custom apps. There are now three ways to map traffic attributes to an application name in order to create a custom application definition. You can map:

  • Hosts, host groups, protocols, and ports to an application name
  • Auto-recognized applications to an application name
  • URLs to an application name


The release also these ease-of-use improvements:

  • More selections for traffic unit displays. For example, you can display total traffic volumes in bytes while displaying throughputs in bits per second.
  • "Top" time series displays can be limited to a specified number of 1 to 10.
  • Notifications if a data source is caching flow records before sending or has an active timeout of greater than 60 seconds.
  • Ability to schedule monthly reports to run on a specified nth day of the month and quarterly reports to run on a specified nth day of quarter, regardless of calendar dates.
  • Ability to specify the automatic refresh interval of a Dashboard independently from the data resolution of widgets.
  • Smarter health alert notifications.

Some time ago I was running through a SteelCentral Demo with a partner in the region when they said the root cause of a problem they were having was excessive TCP retransmissions. They seemed unhappy with that, and they were unsure on what to do next. This is a prime example where knowing the basics will take over, and lacking basic knowledge will prevent you from figuring out how to solve this problem.

To figure out what is wrong boils down to the questions: how does TCP work and when will TCP retransmit? As TCP is a reliable protocol, this means that packets sent are acknowledged that they are received before the sliding window algorithm can move on. If an acknowledgement is not received then the same packet is resent until an acknowledgement is heard. So if there are TCP retransmissions that boils down to two main scenarios:

  1. The traffic never made it to the receiver or it was received and failed a data integrity check and therefore never sent an acknowledgement
  2. The acknowledgement was lost returning to the sender and was never received, OR the acknowledgement took too long (received after timeout), therefore incurring a retransmission

At this point more knowledge of the network is needed and both sides need to be examined/excluded as cause. If there are packet drops, we then need to look at causes of packet loss in the network. Some prime examples include:

  • Incorrectly configured QoS/rate limiters/queue drops
  • Over taxed network equipment which causes packet loss/delay
  • A security device in the network (or client side) that drops traffic (IPS, stateful firewall)
  • Asymmetric routing or other routing issue (black holes)

We also need to look at reasons for data corruption/excessive latency to cause retransmission.

  • Dirty/incorrect fiber types
  • SMF over very short distances (yes, using Single Mode Fiber at a short distance will cause reflections along the fiber and “echoes” that can cause incorrectly received bits at the receiving end)
  • Asymmetric routing/routing issues which can cause latency
  • Other environmental issues (I have seen things like rats gnawing on fiber and even fiber that had been thrown over a hot water pipe and was partially melted)

Please keep in mind that these are not comprehensive lists, just a “top of my head” list that I thought of in a few minutes, but again, basics are what leads me to figure out my next steps and how to address this issue.

SteelCentral AppResponse 11 and SteelCentral Packet Analyzer Plus, versions 11.0.1, are now available for upgrade for all existing NetShark xx70 customers on active maintenance on the Riverbed support site!


SteelCentral AppResponse 11 provides powerful, flexible network and application analytics and workflows to speed problem diagnosis and resolution. It combines network forensics and historical analysis, application analytics and end-user experience monitoring in a single solution so you have everything you need at your fingertips to resolve performance issues quickly.


This release of AppResponse 11 also adds:

  • Flow export to SteelCentral NetProfiler
  • Support precision time stamps and pre-slice packet length analysis from network tap aggregators, including Gigamon, Anue/IXIA, cPacket, and Arista
  • Four new virtual modules: the AppResponse 100v, 500v, 2000v and FLOWv







Secondary Storage

Up to 100GB

Up to 2TB

Up to 8TB

Up to 100GB


VMware ESXi 5.5 and 6.0





System Disk Space


Capture Ports

Up to 8

Management Ports



On an earlier version of NetShark and want AppResponse 11? Check out our trade up options or talk to your account rep for more information.



Please be advised that we just added a Splash page for the new SteelCentral Portal offering.  Please be sure to check it out at SteelCentral Portal.


Best regards,

Erik Hille, Product Marketing

SteelCentral Portal

Reference applications come in all shapes and sizes. They're generally designed to help developers learn how to use new languages, APIs, or frameworks, but they can also be extremely useful for evaluating application performance management tools, such as Riverbed® SteelCentral™ AppInternals.  In this blog post, I'm going to share my experience using the AppInternals component of SteelCentral to evaluate end-user experience with a reference application called TicketMonster.


TicketMonster is a modern web application that is representative of an online ticketing broker - providing access to events (e.g. concerts, shows, etc) through an online booking service. This application uses both Java and .NET web services in a multi-tier heterogeneous environment that is typical for many AppInternals deployments. The application map looks like this:

application map.png


The load for this application was produced in a fashion that simulated a global user base using all kinds of browsers and operating systems. AppInternals reflected these usage patterns nicely with visualizations such as those shown below:



We can use this environment to exhibit a realistic workflow for diagnosing delays which occur when customers attempt to purchase large ticket orders. In a business context, this is exactly the type of problem that would have urgency in the real-world, since users placing large orders could conceivably be the "power users" who generate the most revenue on our site.


The following video demonstrates the powerful search capabilities in AppInternals to make three key observations:

  1. Determine how often users experience slow ticket orders
  2. Identify a root cause (slowest class and slowest method)
  3. Identify the email addresses for affected users



After seeing this demo, the uninitiated may be inclined to ask,

  • "I can trace a transaction even as it executes across different servers?"
  • "I can trace a transaction that happened weeks ago?"
  • "And I even have access to call stacks that illustrate execution paths through both Java and .NET services???  WOW!"
  • "The capability to instantly access so many details for transactions in my production environment is something I absolutely must have!  Where have you been all my life!"


stick figure dialog 02.png



The TicketMonster application is well suited for showcasing many of the capabilities of AppInternals. We were able to quickly pinpoint and diagnose performance problems in TicketMonster and get immediate answers to complex business problems, such as "How can I identify our most valuable users and detect when they experience poor application performance?".

For more information about application performance management with SteelCentral AppInternals, visit www.riverbed.com/products.

Riverbed is pleased to announce the availability of VNE Server 9.0 and 17.5 PL6 versions of Network & Transport Planner, NetMapper, Sentinel and nCompass. This release includes a variety of new features, enhancements and bug fixes. Some of the key features are mentioned below. Please refer to the Release Notes for the complete list of features.

VNE Server

  • VNE Server Integration with Dashboards 2.2 with additional out of box templates and support for user-defined metrics
  • Out-of-the-box grouping of devices by vendor and function
  • Improved logging and reporting of auto-discovery and LCI process


SP Sentinel and IT Sentinel

  • All existing DISA STIG rules are now updated to support version 8 r15
  • Over 250 new hardware EOL, OS EOL and Security Vulnerability rules



  • IPv6 address and routing information in diagrams
  • Display of Nexus Virtual Port Channel (VPC) configurations
  • Display of static and dynamic IPSec tunnels for ASA firewall and IOS devices
  • Virtualization diagrams showing ASA firewall and FWSM Security contexts


SP Guru Network Planner and IT Guru Network Planner

  • Network Capacity Reports in PDF format
  • Out of the box WAN consolidation report showing potential areas for cost saving
  • Tabular reports that can be docked to the project editor for easy access


SP Guru Transport Planner

  • Single-pass multiple bit rate grooming in transport planner for core and metro networks
  • User-defined shared risk groups with a fail-together option


The Software and Release Notes can be obtained in the OPNET Network Engineering, Operations, and Planning section at https://support.riverbed.com/software/index.htm

OPNET Technologies - now part of Riverbed Technology - is pleased to announce the availability of NetOne - Riverbed's suite of products for network engineering, operations, and planning - version 17.5 PL5. Some of the key features of this release are mentioned below. Please refer to the Release Notes for the complete list of features.

SP Sentinel and IT Sentinel

  • New rules for configuration auditing of Cisco Wireless LAN Controllers
  • Rule updates to support Cisco Nexus OS for multiple rule suites including AAA, Administration, ACLs, Route Maps and System Logging
  • Sentinel Advisory Service (SAS) is now provided to all maintained Sentinel customers, with more than 400 hardware EOL rules added since 17.5 PL3


SP NetMapper and IT NetMapper

  • DMVPN (Dynamic Multipoint VPNs) diagrams displaying tunnels between spoke-and-hub devices
  • Cisco Nexus 2000 Fabric Extenders (FEX) in diagrams showing the relationship of the extenders to the switches and end-system connectivity


SP Guru Network Planner and IT Guru Network Planner 

  • Time-zone aware capacity planning reports including per-time zone business hour definitions
  • Analysis, visualization, and reporting of the effectiveness of protection provided by IP Fast Reroute/Loop Free Alternates
  • IPv6 VPN (6VPE) support for Cisco, Juniper, and Huawei
  • Layer-2 switching and bridging support for JUNOS devices including EX switches, MX routers, SRX firewalls, and SDGs (Service Delivery Gateways)


SP Guru Transport Planner 

  • Full ROADM (Reconfigurable Optical Add/Drop Multiplexer) support including representation of color-less, direction-less, and contention-less characteristics
  • Route Validation report to analyze and report on compliance of connection routes with protection requirements (i.e., diversity constraints)
  • Updated web report look-and-feel including sorting and filtering of report contents

In addition, bug fixes for all products of the NetOne suite, including nCompass, are included in the new release. 

NetOne 17.5PL5 Software and Release Notes can be obtained in the OPNET Network Engineering, Operations, and Planning section at https://support.riverbed.com/software/index.htm.

July 2013 edition of Sentinel Advisory Service update is now available for Sentinel version 17.5 PL3. This update includes 69 new rules for the security advisories and end-of-life notices listed below.


  • Security Advisories:
    1. Cisco Security Advisory - Cisco ASA 5500 Crafted URL Denial of Service Vulnerability (cisco-sa-20130410-asa)
    2. Cisco Security Advisory - Cisco ASA 5500 Denial of Service During Validation of Crafted Certificates (cisco-sa-20130410-asa)
    3. Cisco Security Advisory - Cisco ASA 5500 DNS Inspection Denial of Service Vulnerability (cisco-sa-20130410-asa)
    4. Cisco Security Advisory - Cisco ASA 5500 IKE Version 1 Denial of Service Vulnerability (cisco-sa-20130410-asa)

  • OS End-of-Life Notices:
    1. Cisco End-of-Life Notice - PIX OS Release 6.3 for PIX 500 Series
    2. Cisco End-of-Life Notice - IOS Release 12.2(18)S for 7200 / 7300 Series Routers
    3. Cisco End-of-Life Notice - IOS Release 12.2(14)S for 7200 Series Routers
    4. Cisco End-of-Life Notice - IOS Release 12.3(14)YM for 7200 Series Routers
    5. Cisco End-of-Life Notice - IOS Release 12.4(4)XD for 7200 Series and 7301 Routers

  • Hardware End-of-Life Notices:
    1. Cisco Catalyst 6500/Cisco 7600 Series Router Anomaly Guard Module and Anomaly Detector Module
    2. Cisco 4-Port Ethernet Network Module
    3. Cisco 851 Integrated Services Router
    4. Cisco 7304 Series Router
    5. Cisco 4-Port Ethernet WAN Interface Card
    6. Cisco Multiple Interface Processors
    7. Select Port Adapters for Cisco 7100, 7200, 7400 and 7500 Series Routers
    8. WAN Interface Card for Cisco 1600, 1700, 2600, 3600 and 3700 Series Routers
    9. Select Fast Ethernet Port Adapters for Cisco 7100, 7200, 7400, 7500, and the uBR7200 Series Routers
    10. Cisco 8-Port Multichannel T1 and E1 Port Adapters
    11. Cisco 1- and 2-Port T1/E1 Multiflex Voice/WAN Cards
    12. Cisco 7200 and 7500 Series Dedicated Token Ring Port Adapter
    13. Cisco 12000 Series SPA Interface Processor-600
    14. Select Cisco Second-Generation 2-Port Voice Interface Cards
    15. Cisco Interface Card and 4- and 8-Port ISDN BRI S/T Network Modules
    16. Cisco Application Runtime Environment Advanced Integration Module
    17. Cisco 1-Port GBIC Gigabit Ethernet Network Module
    18. Cisco 16-Channel DSP Module for High-Density Analog Voice/Fax Network Modules
    19. Cisco 3G Wireless High-Speed WAN Interface Card
    20. Select Parts for Cisco Unified Videoconferencing 3500 and 5200 Series Products
    21. Cisco Content Switching Module with SSL
    22. Cisco 7200VXR and uBR7200 Series NPE-400 Network Processing Engine
    23. Cisco 7600 IPSec VPN System Bundle
    24. Cisco Catalyst 6500 Supervisor Engine 32 PISA
    25. Cisco 4-Port E1 G.703 Serial Port Adapters
    26. Cisco 8-Port X.21 Serial Port Adapter
    27. Cisco ASR 1000 RP1 2-GB DRAM Memory Module
    28. Cisco 8-Port 100BASE-TX Fast Ethernet Shared Port Adapter (Gila ASIC)
    29. Cisco 8-Port Gigabit Ethernet Shared Port Adapter
    30. Cisco 10-Port Gigabit Ethernet Shared Port Adapter
    31. Cisco 7600/Catalyst 6500 IPsec VPN SPA and Carrier Module
    32. Cisco 1-Port 100BASE-FX Fast Ethernet Network Module Version 2
    33. Cisco 7600 Series Ethernet Services 20 Gbps (ES20) Line Card
    34. Cisco 2-Port Gigabit Ethernet Shared Port Adapter
    35. Cisco CRS 1-Port OC-768C/STM-256C Tunable WDMPOS Interface Module
    36. Cisco 1811 Fixed Configuration Models
    37. Cisco 1812 Fixed Configuration Models
    38. Cisco 2- and 4-Port Multichannel T1 Port Adapters with Integrated CSU/DSUs
    39. Cisco 2621XM-DC Multiservice Router
    40. Cisco 1- and 2-Port 10/100 Ethernet 2-WAN Card Slot Network Modules
    41. Cisco 1805 Integrated Services Router
    42. Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers
    43. Cisco 4-Pair Symmetric High-Bit-Rate DSL High-Speed WAN Interface Cards
    44. Cisco 32-port Async/Sync Serial Network Module
    45. Cisco ASR 5000 Packet Services Card (PSC) 16GB
    46. Cisco ASR 5000 Ethernet and Optical Line Cards
    47. Cisco CSS 11500 Series Content Services Switches (EOL8150)
    48. Cisco 3800 Series Integrated Services Routers
    49. Cisco 1841 Integrated Services Router
    50. CiscoPro CPA1100 Series
    51. 16-Port 10/100 Ethernet Modules and Gigabit Ethernet Daughter Card for Multiple Cisco Routers
    52. Cisco 7600 Series Ethernet Services Plus 2TG and 4TG Line Cards
    53. Cisco High-Performance ATM SAR AIM Modules and Bundles
    54. Cisco XR 12000 Series IPSec VPN Shared Port Adapter
    55. Cisco 3200 Series Mobile Access Router - Selected Components
    56. Cisco ADSL2 and ADSL2+ High-Speed WAN Interface Cards
    57. Cisco 5-Port Gigabit Ethernet Shared Port Adapter
    58. Cisco 2-Port OC-3c/STM-1c ATM Shared Port Adapter
    59. Cisco 4-Port OC-3c/STM-1c ATM Shared Port Adapter
    60. Cisco 1-Port OC-12c/STM-4c ATM Shared Port Adapter

You can download this update directly from Sentinel product by:

  • Adding an automation step to download new advisories (See user guide section: "Modules / NetDoctor / Sentinel Advisory Service"), or
  • Manually selecting NetDoctor / Advisories / Download Now

All customers with active maintenance contracts should be able to set up the above automation step for monthly advisory downloads.

You can also download the installer from https://sas.opnet.com/updates (requires login).

Please refer to following workflows in Sentinel documentation on how to enable and use the advisories:

  • Auditing Networks Against OS End-of-Life Notices
  • Auditing Networks Against Hardware End-of-Life notices
  • Auditing Networks Against Vulnerability Notices


Please contact Riverbed Technical Support with your questions/comments.



Sentinel Product Management

Filter Blog

By date:
By tag: