Interactive Map

The interactive map, also known as the topology map or the network map, is a dynamic map of your monitored devices and the subnets to which they are connected.

The map is created using Topology Intelligence.

You can enter the details of a network traffic flow to see the path of the traffic on the map.

The interactive map includes:

Object

Description

Actions

Cloud

A group of subnets for which a device routes traffic through an interface to an unknown gateway.

The default name of the cloud includes the gateway listed for the routes.

Right-click a cloud to see the known subnets that are in the cloud.

For a cloud, you can:

  • Change its name
  • Change its zone type
  • Join or detach other clouds

Public cloud: Azure Vnet, AWS VPC, or NSX-T.

Right-click a public cloud to display its associated routes and subnets.

Click to see the subnets.

Generic Device

A network device that is not monitored by SecureTrack but is included in topology calculations.

Click on a generic device to see its interfaces, IP addresses and routing table.

For a generic device you can:

  • Change its name
  • Upload a new interface and routing file

Monitored Device

A network device that is monitored by SecureTrack.

The names of the interfaces are shown on the connections from the device.

Click on a device to see its interfaces, IP addresses and routing table.

Subnet

A network subnet that is connected to at least one device interface.

Click on a subnet to see the device interfaces that are connected to it and the IP addresses of the interfaces.

For a subnet, you can:

  • Change its subnet type (Internal, External or DMZ)
  • Join or detach interfaces to the subnet

Subnet and Cloud Groups

A group of subnets or clouds that are all only connected to one monitored device.

Click on to open the group and see the subnets and clouds in the group.

Connectivity between virtual systems

Connectivity between two virtual systems (such as virtual firewalls for Panorama)

None

F5 devices

 

A connection that is established over IPsec.

None

Policy-based routing (PBR) for Cisco IOS routers

None

EVPN network infrastructure. Any device that has VXLAN participation will be connected to the EVPN cloud.

None

A peering connection: Azure, AWS, GCP

  • Two virtual networks (VNets) connected through the Azure backbone network

  • A networking connection between two AWS VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses

  • A networking connection between two GCP VPCs through VPC Network Peering

  • A networking connection between two Palo Alto Prisma Access entities (managed by Panorama) - RN-SPN, MU-SPN, SC-CAN

None

  • Transit Gateway: a service that enables you to connect thousands of Amazon Virtual Private Clouds (Amazon VPCs) and their on-premises networks using a single gateway

  • Palo Alto Prisma Access SC-CAN entity

None

MPLS network infrastructure. Any device that has MPLS participation will be connected to the MPLS cloud.

None

Cisco ACI

Right-click a Cisco ACI device to display its associated routes and subnets.

Click to see the subnets.

Prerequisites

  • Make sure that all of the devices that impact your topology are monitored by SecureTrack.

    For devices that are not monitored, you can add a generic device to represent the device with its interfaces and routes.

  • Permissions

    Access to the map is given only to users with sufficient permissions. The menu option Map will appear only for these users:

    • Administrators

    • Super Administrators

    • Multi-domain administrators, when a domain context is selected and not when All Domains is selected.

    • Users without Administrator permissions can access the map if they have the Any device permission.

Limitations

  • Users without Administrator permissions, and with the Any device permission:

    • Cannot add generic interfaces, generic routes, generic VPNs, or transparent firewalls

    • Can only access the Interactive Map in single-domain environments

What can I do on this Page?

  • View the Interactive Map: Click to view and navigate the interactive map.

  • View device details: Click to expand and to collapse device details.

  • View cloud suggestions: Click the link in JOIN CLOUDS

  • Investigate traffic paths: Click to investigate a specific traffic path or to Diagnose Broken Traffic Paths.

  • Join or split subnets: Click to join or split subnets

  • Join or split clouds: Click to join or split clouds

  • View devices:

    • Grouped by Domain: Click Domain to group the devices in the map by domain. Relevant for users with Super Admin permissions.

    • Grouped by custom views: Click Custom View to group the devices in the map by custom views

  • Create and manage custom views for grouping devices: Click and select whether to add a new custom group or manage the custom views.

  • Refresh the map: Click Refresh to synchronize the topology for the interactive map

  • Add generic device: Click Add generic device to enter the details for a generic device

  • Add Transparent Devices: Click Add transparent firewall to enter details for transparent devices

  • Export interactive map: Click one of the export options: PNG, PDF, Visio

  • Topology Setting: Select this setting to define when SecureTrack collects topology information from enabled devices.

    The default frequency to run the topology synchronization is every morning at 03:00; however, you can select a Weekly frequency and the time/day of the week when it will run.

    The backup and topology synchronization processes should not run at the same time. To prevent these processes from running simultaneously:

    • Before backing up your database, check that the topology synchronization is not running.

    • Schedule the Backup and Topology Synchronization to run at different times when there will be no overlap between the two processes.

  • Multi-domain only: Click to switch domain contexts and view the devices for a specific domain. Users with "Super admin" permission can also view the Global domain context (see Multi-Domain Management).

Page Controls

Use these controls to navigate in the map page.

Control

Description

Use the arrows to pan around the map, sliding the view up, down, right or left.

Use the hand to slide the map.

Click the hand to toggle to the arrow, which you use to highlight a group of objects in the map.

Use the slider or +/- buttons to control the zoom level of the map.

How Do I Get Here?

In SecureTrack, click Map.