Our organization has networks which are very protected. Even attempting to ping hosts inside these networks can trigger very loud alarms, which get governmental agencies asking uncomfortable questions. That leads to my questions.
1. Why did this happen? - There are no devices with POLLING IPs in the restricted range. We do have a Symmetricom time server with an interface that has an IP address in the restricted range. That's not the polling IP, but it is one of the IPs. We did not do a discovery (scheduled or manual) in the restricted networks, and no one was actually here doing anything when the SW server sent a ping and SNMP request to that IP. It just did something on the backend. This Symmetricom server has been in our NPM database for a couple of months now, and this is the first time this packet/SNMP has been sent.
2. Can I stop it? - I already unmonitored the interface with the restricted IP on the Symmetricom, and it didn't remove that IP from the node's page, so I do have some concern that the SolarWinds server will try to ping/SNMP into the restricted networks again. Is there any way I can exclude networks from being touched within the management of SolarWinds itself? Like specify some /16s that are not reachable from the SolarWinds server, etc.?
I know I'm kind of being vague, but part of that is that even the IP ranges of these restricted networks are restricted information. Thanks!