Rogue Gateway
=============

A Genian Agent can immediately detect a rogue gateway configuration in a
variety of ways. If a gateway address (or default gateway) configured on a Node
is not on the trusted network, Genian NAC designates the Node as a critical
one.

This anomaly definition requires installing an Agent on the endpoint and
enabling an Agent Action In the node policy.

See: :doc:`/endpoints/network-interface`.

Configure Settings for Rogue Gateway in Anomaly Definition
----------------------------------------------------------

#. Go to **Policy** in the top panel.
#. Go to **Policy > Node Policy > Anomaly Definition** in the left Policy
   panel.
#. Click **Rogue Gateway.**
#. Find **Anomaly Event** section to configure more options.
#. For **Trusted Network Scope:** (*An option may be configurable in Policy >
   Object > Network.*)
#. For **Sensor Network as Trusted:** (*This prevents from not being on the
   trusted network if a Sensor changes its management scope.*)
#. For **Agent Control** select **Yes** to configure more options and you may
   specify the followings:

   - **Response:** Disabling Device or Generating Logs.
   - **Interface Disabled Notification:** Yes or No.
   - **External Device Exceptions:** optional setting to specify the device to
     be an exception to this Anomaly. (*The name must be the exact match,
     therefore, you had better configure Interface Type Exception instead*)
   - **Interface Type Exception:** Wired, Wireless or Virtual.

#. Click **Update.**

Create Node Group For Rogue Gateway Configured
----------------------------------------------

#. Go to **Policy** in the top panel.
#. Go to **Policy > Group > Node** in the left Policy panel.
#. Click on **Tasks > Create**
#. For **ID:** Rogue Gateway Configured.
#. For **Status:** Enabled.
#. For **Boolean Operator**  select **OR.**
#. Find and click on **Add** in **Condition** section.
#. For each **Anomaly** you want to add use the followings:

   - **Options:** Anomaly
   - **Operator:** Detected is one of
   - **Value:** Rogue Gateway

#. Click **Add.**
#. Keep adding **Conditions** as needed.
#. Click **Save.**