Hi, what are the best practices for making use of the Ethernet ports and management ports of ESM? E.g., should we have a separate LAN port to receive event logs from the ERC and another to access ESM using a browser and PuTTY?
If yes, how to do it?
Possible but not necessary. All data coming to the ESM could be considered "mgmt network". I'm not sure there's much benefit in breaking it out over multiple interfaces.
You could possibly have an environment or customer that wants to have separate networks.
So for example:
ESM Mgmt 1 --> GUI (10.1.1.1)
ESM Mgmt 2 --> SIEM comms (192.168.1.1)
ELM Mgmt 1 --> Receiver and SIEM comms (192.168.1.2)
Receiver Mgmt 1 --> Data sources (172.16.0.1)
Receiver Mgmt 2 --> SIEM comms (192.168.1.3)
This is just one example if you want to split network zones. You could even split it further. My suggestion, however, is to try and keep it as simple as possible, because the above example also requires static routes, etc.
If I put some static route entries under the ESM network settings, would I be able to access ESM after making the changes?
For example, my ESM has IP 10.10.10.2 and gw 10.10.10.1, and if I put some static route in the ESM network settings like IP 172.16.32.3, gw 172.16.32.1, or a couple more subnets different than the ESM's, would it impact access to the ESM console, or would I be able to access the console as soon as the network service gets restarted?
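A pre-change check for the static routes discussed above, as an added example that is not part of the thread and not vendor code. It applies generic IP routing rules (longest-prefix match, next hop must be on a connected subnet), not ESM-specific behaviour; the /24 masks, the second interface 172.16.32.2 and the admin client addresses are assumptions constructed for illustration.

```python
import ipaddress

def pick_route(dest, connected, statics, default_gw):
    """Longest-prefix match; a connected subnet wins a tie with a static route."""
    dest = ipaddress.ip_address(dest)
    hits = [("connected", None, n) for n in connected if dest in n]
    hits += [("static", gw, n) for n, gw in statics if dest in n]
    if not hits:
        return ("default", default_gw)
    kind, hop, _ = max(hits, key=lambda h: (h[2].prefixlen, h[0] == "connected"))
    return (kind, hop)

def review(interfaces, statics, default_gw, admin_clients):
    """Return findings for a planned static-route change (empty list = none found)."""
    connected = [ipaddress.ip_interface(i).network for i in interfaces]
    statics = [(ipaddress.ip_network(n), ipaddress.ip_address(g)) for n, g in statics]
    default_gw = ipaddress.ip_address(default_gw)
    findings = []
    for net, gw in statics:
        # A next hop is only usable if it sits on a directly connected subnet.
        if not any(gw in c for c in connected):
            findings.append(f"route {net} via {gw}: gateway is not on a connected subnet")
    for client in admin_clients:
        # Compare the return path to each admin workstation before and after the change.
        before = pick_route(client, connected, [], default_gw)
        after = pick_route(client, connected, statics, default_gw)
        if before != after:
            old = "on-link" if before[1] is None else before[1]
            findings.append(f"replies to {client} move from {old} to {after[1]}")
    return findings

if __name__ == "__main__":
    # Case 1: the single interface from the post (mask /24 assumed).
    for f in review(["10.10.10.2/24"], [("172.16.32.0/24", "172.16.32.1")],
                    "10.10.10.1", ["10.10.10.50", "10.20.30.40"]):
        print(f)
    # Case 2: hypothetical second interface plus a broader /16 route.
    for f in review(["10.10.10.2/24", "172.16.32.2/24"], [("172.16.0.0/16", "172.16.32.1")],
                    "10.10.10.1", ["10.10.10.50", "172.16.40.9"]):
        print(f)
```

An empty result means the routes neither point at an unreachable gateway nor change the return path to the listed admin workstations.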
Recently got new hardware to refresh old orange Gen3 equipment, setting up Mgmt1 and Mgmt2 with the same IP (NIC bonding) connected to different switches, for fault tolerance. Also set up the IPMI port for console access in the event of various issues (similar to an HP iLO or Dell DRAC port). You can also use SNMP traps against the IPMI for system health alerts. If setting up IPMI, I suggest you check the box requiring a secure (HTTPS) connection; otherwise you would be sending your root password over the wire in clear text.