Compliance Rules - Cisco

Hey Guys,

As many of you are already aware, the SolarWinds product offers a way to make sure your network devices are compliant with your company's or companies' needs, be it for a standard or security.

I have been creating multiple compliance rules and, to be honest, I think it's about time I shared one.

This is one of my best compliance rules; it helps maintain any interface with a "Public IP" address on it, and applies the below.

Disable IP Redirects / Unreachables & Proxy-Arp

[Image: pastedImage_6.png]

Here are the regex details explained.

Search for any public IP address, ignoring all private subnets 10.0.0.0/8, 172.16.0.0-172.31.0.0/16 and 192.168.0.0/16

Regex string = (^\s(?=ip address ([0-9]\.|[0-9][1-9]\.|1[0-9][0-13-9]\.|1[0-689][0-9]\.[0-9]\.|1[0-689][0-9]\.[0-9][0-9]\.|1[0-689][0-9]\.[0-9][0-9][0-79]\.|2[0-145][0-9]\.|22[3]\.))).*\r\n

If a public IP is found, apply "no ip redirects", "no ip unreachables" and "no ip proxy-arp".

Ignore if the interface is in a "Shutdown" state.

[Image: pastedImage_12.png]

This searches all the interfaces except Management interfaces

Regex String = ^(?!\s)interface (Giga|[Ee]ther|TenGiga|[Pp]ort-ch|[Vv]lan|[Tt]unnel).*|(Fast|Giga).*[^0|1]\n

Finally, the remediation script

[Image: pastedImage_18.png]

This will then apply the commands to all devices that have failed this compliance check.

Hope you find this useful.
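
A pattern like this can be checked before it goes into a rule. The following is an added example, not part of the original post: it runs the post's public-IP regex over constructed `ip address` lines and reports every address where the regex and the three private ranges named above disagree. The sample addresses, the /24 mask, the helper names, and the use of Python's `re` engine with CRLF line endings (instead of the NCM rule engine) are assumptions.

```python
import ipaddress
import re

# Public-IP pattern copied verbatim from the post (split only for line length).
POST_REGEX = re.compile(
    r"(^\s(?=ip address ([0-9]\.|[0-9][1-9]\.|1[0-9][0-13-9]\.|1[0-689][0-9]\.[0-9]\."
    r"|1[0-689][0-9]\.[0-9][0-9]\.|1[0-689][0-9]\.[0-9][0-9][0-79]\."
    r"|2[0-145][0-9]\.|22[3]\.))).*\r\n",
    re.MULTILINE,
)

# The private ranges the post says should be ignored.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_public(addr):
    """Reference answer: public means outside the three private ranges."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in PRIVATE_NETS)


def regex_flags(addr):
    """True if the post's regex matches a constructed interface line."""
    line = f" ip address {addr} 255.255.255.0\r\n"  # constructed config line
    return POST_REGEX.search(line) is not None


def disagreements(addrs):
    """Return (address, expected_public, regex_matched) where the two differ."""
    return [(a, is_public(a), regex_flags(a))
            for a in addrs if is_public(a) != regex_flags(a)]


# Constructed sample addresses: private ranges plus a spread of first octets.
SAMPLES = ["8.8.8.8", "10.1.1.1", "172.16.0.1", "172.31.255.1", "192.168.1.1",
           "152.1.1.1", "192.169.1.1", "20.1.1.1", "172.32.0.1", "192.178.1.1"]

if __name__ == "__main__":
    for addr, expected, matched in disagreements(SAMPLES):
        print(f"{addr}: expected public={expected}, regex matched={matched}")
```

Any address returned by `disagreements` is one the rule would pass or fail for the wrong reason; extend `SAMPLES` with addresses from your own addressing plan before relying on the pattern.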