Device Appliance Automatically
When a Genian NAC device is first registered, the administrator must change the appliance configuration for the registered device.
If you are in an environment where multiple network sensors are registered, you can specify the initial settings so that the preferences are automatically applied when registering new equipment.
- Go to System in top panel
- Go to System Defaults > Network Appliance in the left System Management panel
Note
The above settings are optional and will be the default settings for all additional policy servers.
Configure Appliance Settings
- Go to System in top panel
- Find and click Policy Server IP in the main System window
- Find and click Appliance tab in the main System window
Allow Remote Access via SSH
- Find Security section and enter Approved SSH Source IP
  - Individual IPs may be allowed (e.g. 192.168.1.10).
  - Entire subnets may also be allowed, regardless of individual IP (e.g. 192.168.1.0/24).
  - Access from all sources may also be permitted (e.g. 0.0.0.0/0).
Note
Be mindful of NAT when accessing an appliance across network segments. The external NAT address must be allowed.
- Click Update
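
An added example, not part of the Genian documentation: a Python check to run over a planned Approved SSH Source IP list before entering it, catching malformed or overly broad entries and confirming that the address the appliance will actually see (the external NAT address) is covered. The list-of-strings input, the function name, the /16 review threshold and the sample addresses are assumptions.

```python
import ipaddress

BROAD_PREFIX = 16  # assumed review threshold: IPv4 prefixes shorter than /16 get flagged

def audit_allowlist(entries, seen_sources):
    """Audit a planned allowlist (assumed input: one IP or CIDR string per entry).

    seen_sources are the addresses the appliance will see on the SSH
    connection, i.e. the external NAT address when NAT sits in between.
    Returns (findings, coverage): findings is a list of (entry, problem),
    coverage maps each source to the entries that permit it.
    """
    networks, findings = [], []
    for entry in entries:
        try:
            # strict=True rejects subnets with host bits set (192.168.1.10/24),
            # which is usually a typo for either the host or the subnet.
            net = ipaddress.ip_network(entry.strip(), strict=True)
        except ValueError as exc:
            findings.append((entry, f"invalid: {exc}"))
            continue
        networks.append(net)
        if net.prefixlen == 0:
            findings.append((entry, "permits every source"))
        elif net.version == 4 and net.prefixlen < BROAD_PREFIX:
            findings.append((entry, "broad range"))
    coverage = {}
    for src in seen_sources:
        addr = ipaddress.ip_address(src)
        coverage[src] = [str(n) for n in networks if addr in n]
    return findings, coverage

if __name__ == "__main__":
    # Constructed sample: the admin workstation is 192.168.1.10 on its own
    # segment but reaches the appliance through NAT as 203.0.113.7.
    planned = ["192.168.1.10", "192.168.1.0/24", "192.168.1.10/24"]
    findings, coverage = audit_allowlist(planned, ["192.168.1.10", "203.0.113.7"])
    for entry, problem in findings:
        print(f"{entry}: {problem}")
    for src, matches in coverage.items():
        print(f"{src}: {'allowed by ' + ', '.join(matches) if matches else 'NOT allowed'}")
```
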
Proxy For Windows Updates
- Find Proxy for Windows Updates section and select On in drop-down
- Select Network Group for Proxy Service to use
- Click Update
Setup SNMP Agent
- Find SNMP Agent section and select On in drop-down
- Enter the following:
  - Username
  - Authentication Password (SHA, minimum length – 8 characters)
  - Privacy Password for data encryption (AES, minimum length – 8 characters)
- Click Update
Edit Asset Management Thresholds
- Find Asset Management section
- Enter the following:
  - Data Disk Threshold generates log if Data Disk is over this threshold (Default is 90)
  - Memory Threshold generates log if Memory is over this threshold (Default is 90)
  - CPU Threshold generates log if CPU is over this threshold (Default is 95)
- Click Update
Edit System Date And Time
- Find Date and Time section
- Select Country and closest City from drop-downs for System TimeZone
- Click Update
Change Character Set
- Find Miscellaneous section
- Select Character Set from drop-down
- Click Update
Configure Sensor Log Settings
- Go to System in the top panel
- Select Network Sensor IP in the view pane.
- Select the Appliance tab in the view pane.
Under Miscellaneous, configure:
- Default Character Set
- Sensor Debug Logging
- Log Location (Local, Policy Server, Local & Policy Server)
Note
If logging is set to save to the Policy Server, individual log entries will be sent by Syslog over TLS using port 6514. If Syslog over TLS fails, standard syslog on port 514 is used. For Cloud-Managed NAC, unique ports are used. You can check these port assignments under System > Service > Port.