Configuring ARP Enforcement
===========================

Network Sensor by default is configured to passively collect information and
forward it to the Policy Server. This information assists in identifying the
endpoints information, allowing you to build groups and policies. Network
Sensor Operating Mode needs to be changed from Monitoring to Enforcement which allows
the Policy Server to enforce policies and control endpoints access onto the
network using ARP Enforcement.

For more information. See :doc:`/controlling/enforcement-methods`

.. note:: ARP Enforcement may trigger security alerts from IDS or EDR products, see: :doc:`/troubleshoot/arp-enforce-fails`

Enabling ARP Enforcement
------------------------

You can enforce policies by activating the **Network Sensor**. The Network
Sensor has two types of **Sensor Operating Modes**. By default, the **Network
Sensor** is set to **Monitoring** mode.

To activate the Network Sensor enforcement:

#. Go to **System** in the top panel
#. Select the desired sensor’s **IP Address** for activating enforcement
#. Click the **Sensor** tab
#. Click the **Interface** of the sensor you wish to activate.
#. For **Sensor Mode**, select **Host**
#. For **Sensor Operating Mode**, change to **Enforcement**
#. Configure optional **Enforcement Exceptions** Unmanaged IP ranges.
#. Configure **Managed IP Control** Range
#. Click **Update**