Rogue Gateway
A Genian Agent can immediately detect a rogue gateway configuration in a variety of ways. If a gateway address (or default gateway) configured on a Node is not on the trusted network, Genian NAC designates the Node as a critical one.
This anomaly definition requires installing an Agent on the endpoint and enabling an Agent Action in the Node Policy.
See: Controlling Network Interface.
Configure Settings for Rogue Gateway in Anomaly Definition
- Go to Policy in the top panel.
- Go to Policy > Node Policy > Anomaly Definition in the left Policy panel.
- Click Rogue Gateway.
- Find the Anomaly Event section to configure more options.
- For Trusted Network Scope: (An option may be configurable in Policy > Object > Network.)
- For Sensor Network as Trusted: (This prevents a gateway from being treated as outside the trusted network if a Sensor changes its management scope.)
- For Agent Control, select Yes to configure more options. You may specify the following:
  - Response: Disabling Device or Generating Logs.
  - Interface Disabled Notification: Yes or No.
  - External Device Exceptions: optional setting to specify a device as an exception to this Anomaly. (The name must match exactly, so configuring Interface Type Exception instead is recommended.)
  - Interface Type Exception: Wired, Wireless or Virtual.
- Click Update.
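The checks configured above can be sketched in Python to show how the options interact. This is an added illustration, not Genian NAC code: the function names, evaluation order, interface names and sample addresses are assumptions constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Interface:
    name: str      # device name as reported by the endpoint
    kind: str      # "wired", "wireless" or "virtual"
    gateway: str   # configured default gateway, "" if none

def is_rogue_gateway(iface, trusted_scope, sensor_networks=(),
                     sensor_as_trusted=False,
                     device_exceptions=(), type_exceptions=()):
    """True when the interface's gateway is outside the trusted network."""
    if not iface.gateway:
        return False                     # no gateway configured
    if iface.kind in type_exceptions:    # Interface Type Exception
        return False
    if iface.name in device_exceptions:  # External Device Exceptions: exact match only
        return False
    trusted = list(trusted_scope)        # Trusted Network Scope
    if sensor_as_trusted:                # Sensor Network as Trusted
        trusted += list(sensor_networks)
    gw = ipaddress.ip_address(iface.gateway)
    return not any(gw in ipaddress.ip_network(net) for net in trusted)

def audit(interfaces, **policy):
    """Names of the interfaces that would be flagged under the given policy."""
    return [i.name for i in interfaces if is_rogue_gateway(i, **policy)]

# Constructed sample data (documentation and private ranges, not from the page).
SAMPLE = [
    Interface("Ethernet0", "wired", "192.0.2.1"),
    Interface("Wi-Fi", "wireless", "198.51.100.1"),
    Interface("VPN Virtual Adapter #2", "virtual", "203.0.113.1"),
    Interface("Ethernet1", "wired", "10.20.0.1"),
]
TRUSTED = ["192.0.2.0/24"]
SENSORS = ["10.20.0.0/24"]

if __name__ == "__main__":
    print(audit(SAMPLE, trusted_scope=TRUSTED))
    print(audit(SAMPLE, trusted_scope=TRUSTED,
                sensor_networks=SENSORS, sensor_as_trusted=True))
    # A device name that is not an exact match does not exempt the adapter.
    print(audit(SAMPLE, trusted_scope=TRUSTED,
                device_exceptions=["VPN Virtual Adapter"]))
    print(audit(SAMPLE, trusted_scope=TRUSTED, type_exceptions=["virtual"]))
```

The third call shows why an Interface Type Exception is the more dependable choice: the adapter's name carries a `#2` suffix, so the device-name exception never applies.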
Create Node Group For Rogue Gateway Configured
- Go to Policy in the top panel.
- Go to Policy > Group > Node in the left Policy panel.
- Click Tasks > Create.
- For ID: Rogue Gateway Configured.
- For Status: Enabled.
- For Boolean Operator select OR.
- Find and click Add in the Condition section.
- For each Anomaly you want to add, use the following:
  - Options: Anomaly
  - Operator: Detected is one of
  - Value: Rogue Gateway
- Click Add.
- Keep adding Conditions as needed.
- Click Save.