FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 197900
Description
Network Sentry 8.0 Not Communicating with Agents 3.2 and Lower

Scope
Version:  Network Sentry 8.0 and Agent 3.0, 3.1, and 3.2 (with security enabled)
Solution


Upgrading Network Sentry from a pre-8 version to 8.0.x could break communication with agents running version 3.0 through 3.2.  Hosts that have security disabled (securityEnabled registry key set to 0) are not affected.

In newer agent versions 3.3 and greater, the communication protocol was changed from SSLv3 to TLS.  This was done to address the POODLE vulnerability (CVE-2014-3566).  As of Network Sentry 8.0.0, SSLv3 has been disabled completely.


Secure Agent Communication Compatibility Summary
Network Sentry 6.x: Compatible with all 3.x agents
Network Sentry 7.x: Compatible with all 3.x agents
Network Sentry 8.0.x: Compatible with 3.3.x (and above) agents


Workaround:  If already upgraded to 8.0, SSLv3 can be re-enabled.  This will re-establish agent communication.  Contact support for assistance and reference Technote "Network Sentry 8.0 Does Not Communicate with Agents 3.2 and Lower" or solution 2013.

Note:  With SSLv3 re-enabled, vulnerability scanners will report the system as vulnerable to POODLE.


Solution: To avoid communication interruption, upgrade agents to the latest agent version prior to upgrading Network Sentry.
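
A pre-upgrade audit built from the compatibility summary above, as an added example that is not part of the original article or of any Fortinet tooling: it lists the hosts whose agent would stop communicating once the server moves to 8.0. The CSV inventory layout, the host names and the function names are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample inventory; the column names are assumptions,
# not a Network Sentry export format.
SAMPLE_INVENTORY = """host,agent_version,security_enabled
lab-pc-01,3.2.1,1
lab-pc-02,3.3.0,1
kiosk-07,3.0.4,0
hr-laptop-3,3.10.2,1
dev-ws-11,3.1,1
"""

MIN_TLS_AGENT = (3, 3)  # first agent release using TLS instead of SSLv3 (per the article)


def parse_version(text):
    """Turn '3.2.1' into (3, 2, 1) so that 3.10 compares above 3.3."""
    return tuple(int(part) for part in text.strip().split("."))


def server_disables_sslv3(server_version):
    """As of Network Sentry 8.0.0, SSLv3 is disabled on the server."""
    return parse_version(server_version) >= (8, 0)


def agents_to_upgrade(inventory_csv, target_server_version):
    """Return (host, agent_version) pairs that would lose agent communication."""
    if not server_disables_sslv3(target_server_version):
        return []  # 6.x and 7.x are compatible with all 3.x agents
    at_risk = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        secure = row["security_enabled"].strip() == "1"
        old_agent = parse_version(row["agent_version"]) < MIN_TLS_AGENT
        # Hosts with securityEnabled set to 0 are not affected.
        if secure and old_agent:
            at_risk.append((row["host"], row["agent_version"]))
    return at_risk


if __name__ == "__main__":
    for host, version in agents_to_upgrade(SAMPLE_INVENTORY, "8.0.0"):
        print(f"{host}: agent {version} needs 3.3 or later before the server upgrade")
```

Versions are compared as integer tuples rather than strings, so an agent such as 3.10.2 is correctly treated as newer than 3.3.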
