Manually Synchronizing Outside the Schedule

Overview

Occasionally, administrators may need to use IPAM Security Policy App (ISPA) to immediately map subnets to a SecureTrack domain (in a multi-domain environment) and zones, or provide an urgent report summarizing the current status of the subnets in SecureTrack. These tasks can be done by manually syncing with your IPAMs outside of the predefined schedule. When syncing, the app maps subnets to SecureTrack zones, which can be children of a parent zone. You can configure hierarchical relationships in ISPA and view them in SecureTrack.

Manual synchronizations are done separately for each IPAM solution. Only SecureTrack users with Super Administrator permissions can perform manual synchronizations.

Manually Synchronize with an IPAM Solution

In the Sync () menu, do the following:

1. Optional: Edit how the subnets are mapped to SecureTrack.

   1. Click Configure Attributes.

      The Attributes List shows attributes that are mapped to SecureTrack zones and hierarchies.

      

   2. From the Actions () list, click Instructions for vendor-specific guidance on typical attributes that you can map in the IPAM.

      Here is an example of an Instructions box:

      

   3. From the Actions () list, click Add.

      

      There are two types of attributes: Zone and Domain.

   Define a Zone

   1. For the Attribute Name, type the name and define the Zone.

      

      The Any zone populates zones based on all values across all predefined attributes in which subnets were found. If the zone is not specified by the IPAM, ISPA creates a zone called Unassociated Networks in SecureTrack for each IPAM. Subnets, which do not belong to a specific zone, are assigned to the Unassociated Networks zone. To prevent this assignment, it is recommended to assign attributes to a specific zone or hierarchy.

   2. Define the Hierarchy

      

      ISPA builds zones and zone hierarchies from IPAM data. You can define the zone as a parent, or add a sublevel as a child, as deep as you need to reflect the network hierarchy. The zones in a hierarchy must belong to the same domain.

      The Parent attribute is only used to establish hierarchy relationships. When mapping information from the IPAM, ISPA does not use the Parent attribute to populate the subnet in the zone. ISPA uses zones, which are defined as Child zones, to populate subnets.

      Changes to zone definitions appear in SecureTrack after a sync.

   3. Click Save.

   You can view the Zone Hierarchy in SecureTrack under Network > Zones.

   

   Define a Domain

   Use this option to map the subnet attributes to a SecureTrack domain (in a multi-domain environment).

   Both SecureTrack and the IPAM must be configured to support multiple domains.

   1. For the Attribute Name, type the name and select the Domain Attribute Type.

      

      If you are mapping to more than one domain, you will also need to define a domain attribute to associate subnets and zones to domains.

      In this example, ISPA uses the ST_DOMAIN attribute to associate subnets and zones to the domains.

      

   2. Click Save.

2. In the IPAM List page, click Sync.

   

3. Select the domain to sync and click Sync.