Network Mapping and Visualization

Overview

Gain complete visibility into your infrastructure with dynamic network mapping and real-time visualization across hybrid networks.

To understand and maintain a complex network, you need to see how the different parts of your network infrastructure fit together and interact.

Network Mapping and Visualization guides you through using SecureTrack to:

Visualize your network topology, and keep it accurate and up-to-date
Understand how different parts of the network relate to and interact with each other
Gain clear visibility into connectivity and dependencies across environments: on-premises, cloud, and hybrid

Network Mapping and Visualization builds and maintains the topology data that network path analysis depends on.

Why this matters

An up-to-date topology gives you confidence and control over your network, helping you:

Understand network connectivity at a glance
Make informed decisions about network design and optimization
Reduce the time spent troubleshooting and analyzing disconnected components

Deliver accurate end-to-end visibility of network infrastructure for ongoing maintenance and topology updates
Simplify capacity planning, and evaluating impact of changes
Empower data-driven network design and optimization decisions

Who this is for

Network engineers responsible for maintaining and updating network topology
System administrators responsible for maintaining device visibility and continuous sync health and
Cloud engineers validating hybrid network representation.

Key capabilities

Network mapping and visualization leverages key features in SecureTrack to provide network mapping and visualization:

Map to visualize network elements and customize topology views
Join Clouds to connect devices not monitored by SecureTrack
Manage Devices, Device Viewer and Generic Device to add interface and routing information for unmonitored or disconnected devices, or update configuration for existing devices when identifying and resolving islands)
TOS Discovery to discover unmonitored Cisco devices

Prerequisites

Successful completion of Centralized Security Policy Visibility, which covers adding and managing devices to monitor, essential for building an accurate network topology.

Step 1: Visualize network topology

The first step is to visualize monitored devices and the subnets they are connected to in a dynamic topology map.

Use SecureTrack's Mapto view a live diagram of your environment.

Visualize network topology

Select Map to view your network topology. Explore the layout and options available.
You can pan, zoom, explore devices, and review how everything is connected.

See Explore the topology map.

View device details

Click a device to display information in the Info panel. The information helps you quickly understand what a device is, where it is, and what you can do with it.

Click the expand icon if present to view additional information on the device.
Click the context menu to view the actions available for the device.

See View device details.

Step 2: Customize Map views

The default Map view displays all network devices. You may need a more structured, uncluttered view of your topology map by creating personalized topology layouts of network devices.

Use Map's View by options to create a clear, intentional representation of your network. Toggle between predefined view options and the custom views you define to see how network devices are clustered.
- Ungrouped view: The default, unfiltered view of all devices.
- Domain view: Devices grouped by the domain in which they are deployed.
- Custom view: Devices grouped into Custom Groups created according to criteria meaningful to you, such as device type, region, function, or owner. You can save and share custom views across teams for efficient reuse.

See:

Map views

Creating and Managing Custom Groups for Viewing Devices

Step 3: Join clouds to connect devices

Your network topology can include devices not monitored by SecureTrack. In cloud or hybrid environments, these devices often appear as unmonitored clouds. When such clouds represent connected parts of the network, you can join them to create paths between subnets and connect devices.

This step is especially important when you know that two areas of the network communicate, but the topology map does not yet show the connection.

Use Map's Join Clouds to link unmonitored clouds. Joining Clouds fills gaps in the topology, creates accurate paths between subnets, and ensures the map reflects actual network connectivity.

See Join Clouds.

Step 4: Identify and resolve Islands

Your topology map can show isolated parts of the network. These parts represent disconnected areas of your topology—Islands—indicating missing devices or incomplete data.

In this step, you'll identify the reasons for Islands, and use Join Clouds to resolve connectivity using the following process.

Check for cloud representation

Check the list of cloud IPs by clicking Cloud:

If the IP belongs to a device you do manage, simply update the device configuration through SecureTrack's Manage Devices.
If there are several unmanaged clouds, continue with Generate Cloud Suggestions.

Generate Cloud Suggestions

If you identify several unmanaged islands, generate Cloud Suggestions to analyze route data for specific cloud devices.
Export these suggestions to a CSV file for offline analysis or sharing.

See Generate and view Cloud Suggestions.

Integrate devices based on Cloud Suggestions

After generating Cloud Suggestions, you have different options to integrate devices based on what the suggestions represent.

The goal is to give SecureTrack enough information to accurately integrate these islands into your topology map.

Managed devices: Integrate it as any standard device
Unmanaged cloud-provider devices: Use Join Cloud.
SD-WAN unmanaged links: Create a Generic Device.

See:

Add devices for monitoring

Add and update a generic device

Regenerate Cloud Suggestions

After integrating devices, regenerate Generate Cloud Suggestions. Repeat the process until there are no more islands to connect.

Step 5: Validate topology data for path analysis

Use this step to verify that the topology data behind Map is complete and accurate before you rely on path analysis results.

Even after you connect clouds and resolve islands, missing or stale route, interface, Layer 2, VPN, Dynamic Data, or passive-interface information can cause inaccurate or incomplete paths even when the topology appears connected.

Verify Dynamic Data

Verify if Dynamic data is enabled for the device and that the most recent data was successfully retrieved. Review the path and identify the broken or greyed-out hop.

In Map, click the device and expand the Info tab. Check if Dynamic data displays Enable.
If not enabled, go to Monitoring > Manage Devices, and edit the device configuration to select the option.

Validate device routes and interfaces

If a rendered path is incomplete, drill down into the affected device and verify its routing and interface data. If needed, repeat the check on the previous hop.

Complete layer 2 segmentation

If a missing firewall or hop is a Layer 2 device, gather the connected Layer 3 information and complete the Layer 2 segmentation in the topology.

Model VPN gaps

If the path includes a VPN, gather the VPN peer information and model the tunnel by using Generic VPN settings.

Resolve passive or duplicate-IP interfaces

Your network paths can include HA (high availability) devices with sync interfaces that do not participate in actual traffic, or devices with multiple interfaces that share the same IP address. Such devices when included in path analysis generate false path links.

Separate these passive interfaces for the path to reflect only active interfaces.

Use Split Networks to separate these interfaces and avoid false path links.

See:

Topology intelligence

Transparent firewalls

Show routes for monitored devices

Show interfaces for monitored devices

Generic route-Based VPN connections

Joining or splitting subnets

Step 6: Set topology sync schedule and scope

Once your topology is accurate, keep it up to date by scheduling automated sync, and the scope of the sync.

Set sync schedule

Use Map's Topology Settings to specify the topology sync schedule. By default, SecureTrack runs an automated sync weekly at 3:00 AM.

See Topology sync schedule.

Set sync scope

In addition to the sync schedule, you can also select the type of sync to rebuild the topology, ensuring that your map evolves with your network.

Use:

Quick sync: Rebuild topology using existing data
Full sync: Retrieve current information from devices for the most accurate sync

See Topology sync scope.

Step 7: Run TOS Discovery (for Cisco devices)

If your environment includes Cisco devices, run TOS Discovery to automatically discover devices not monitored by SecureTrack.

See TOS discovery.

What's next

After the topology is accurate and current, and after you make any topology corrections during troubleshooting, use the Network Path Analysis and Troubleshooting use case to understand, diagnose, and optimize traffic flows in your network.