.. _default-settings-sensor:

Automatically Setting Appliance Sensor Settings
===============================================

You can configure initial settings for all Network Sensors added to the Policy Server. Initial configuration is optional, and unique settings for individual Network Sensors can be changed on each sensor later.

.. note:: To change settings for individual appliances, proceed from **System > Select Appliance IP > Preferences tab**.

Network Sensor Initial Settings
-------------------------------

This configures the initial sensor settings for newly registered Network Sensors.

#. Go to **System** in the top panel.
#. In the left panel, go to **System Initial Settings > Sensor Settings**.

Sensor Operation
''''''''''''''''

Specifies the operating mode of the Network Sensor. Depending on the network environment, it can be configured as a combination of operating mode and operational mode as follows:

- Set the sensor mode to Inactive, Mirror, Inline, or Host (recommended).
- If there are multiple VLANs, the sensor runs for each VLAN Interface, and all sensors for each VLAN Interface must be set to Host mode.

.. list-table::
   :widths: 2 2 5
   :header-rows: 1

   * - Network Sensor Operating Mode
     - Network Sensor Operational Mode
     - Description
   * - Inactive
     - Monitoring / Enforcement
     - If the Network Sensor operating mode is set to Inactive, the Network Sensor does not operate regardless of the operational mode.
   * - Host
     - Monitoring
     - Only performs scanning for the Network Sensor's managed network range; does not perform network control (recommended).
   * - Host
     - Enforcement
     - Performs scanning and network control for the Network Sensor's managed network range (recommended).
   * - Mirror(local)
     - Monitoring
     - Only performs traffic monitoring for the Network Sensor's managed network range; does not perform network control.
   * - Mirror(local)
     - Enforcement
     - Performs traffic monitoring and network control for the Network Sensor's managed network range.
   * - Mirror(Global)
     - Monitoring
     - Network Sensor does not operate.
   * - Mirror(Global)
     - Enforcement
     - Performs network control for IP communication outside the Network Sensor's management range.

.. warning:: Please be careful when configuring, as the network may be immediately blocked if the Network Sensor operates in Enforcement mode.

Traffic Monitoring
''''''''''''''''''

Set to check traffic status in the managed network range when the Network Sensor operates in Mirror (local) mode.

Node Registration
'''''''''''''''''

You can set the maximum number of nodes that can be registered per MAC, and configure warnings if more than a certain percentage of IPs are in use.

Node Information Scan
'''''''''''''''''''''

You can determine whether to perform port scans and service scans for platform detection. You can also perform NetBIOS scans or change the scan cycle.

Network Scan
''''''''''''

Set whether to collect additionally defined scan items, in addition to **Node Information Scan**.

Node Status Check
'''''''''''''''''

Configure status checks to perform Anomaly Definition for MAC+IP Clone detection.

Subnet Node Scan
''''''''''''''''

You can set the node scan period, number of scans per second, etc.

DHCP
''''

You can set whether to enable DHCP service.

Virtual IP
''''''''''

Unused IPs can be used as virtual IPs for inducing malicious traffic (honeypot).

IP Management
'''''''''''''

You can set whether to block newly connected nodes, or turn On / Off the conflict protection function for IPs configured on the sensor.

Other Settings
''''''''''''''

You can specify MACs to be excluded from NAC management targets.

Sensor Log Settings Configuration
---------------------------------

1. Go to **System** in the top panel.
2. In the displayed screen, select **Network Sensor IP**.
3. Click **Preferences**.

Refer to **Other Settings**:

- Default Character Set
- Sensor Debug Log Generation
- Log Storage Location (Local, Policy Server, Local & Policy Server)

.. note:: If the log location is set to be stored on the Policy Server, the generated logs are transmitted via syslog using TLS on port 6514. If syslog transmission via TLS fails, it will be transmitted using standard syslog port 514. For CLOUD NAC, a **random port** is used. You can check the assigned port in **System > Service Management > Connection Port**.
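
Because of the fallback described in the note above, sensor logs can move from TLS on port 6514 to standard syslog on port 514 without any change in configuration. The following is an added example, not part of the product or its documentation: it reads flow records and reports which sensors most recently sent logs on port 514. The record format, IP addresses and function names are constructed for illustration.

```python
import csv
from io import StringIO

TLS_PORT = 6514    # syslog over TLS, per the note above
PLAIN_PORT = 514   # standard syslog, used when the TLS transfer fails

# Constructed flow records (not real data): time, source IP, destination IP, dest port
SAMPLE_FLOWS = """\
2024-05-01T10:00:00,192.0.2.11,192.0.2.1,6514
2024-05-01T10:00:05,192.0.2.12,192.0.2.1,6514
2024-05-01T10:05:00,192.0.2.12,192.0.2.1,514
2024-05-01T10:06:00,192.0.2.13,192.0.2.1,514
2024-05-01T10:07:00,192.0.2.13,192.0.2.1,6514
2024-05-01T10:08:00,192.0.2.11,198.51.100.9,514
"""

def sensor_log_transport(flow_csv, policy_server, tls_port=TLS_PORT):
    """Return {sensor_ip: 'tls' | 'fallback' | 'recovered'} for logs sent to policy_server.

    tls_port is a parameter so the assigned port can be passed where a different one is in use.
    """
    last_seen = {}  # sensor -> {port: latest ISO timestamp seen on that port}
    for row in csv.reader(StringIO(flow_csv)):
        if not row:
            continue  # skip blank lines
        ts, src, dst, dport = row
        port = int(dport)
        if dst != policy_server or port not in (tls_port, PLAIN_PORT):
            continue  # not sensor-to-Policy-Server syslog traffic
        ports = last_seen.setdefault(src, {})
        ports[port] = max(ts, ports.get(port, ""))
    status = {}
    for sensor, ports in last_seen.items():
        plain, tls = ports.get(PLAIN_PORT), ports.get(tls_port)
        if plain is None:
            status[sensor] = "tls"
        elif tls is None or plain > tls:
            status[sensor] = "fallback"    # most recent logs left on port 514
        else:
            status[sensor] = "recovered"   # fell back earlier, TLS in use again
    return status

def sensors_in_fallback(flow_csv, policy_server, tls_port=TLS_PORT):
    """Sensors whose latest log traffic to the Policy Server used port 514."""
    result = sensor_log_transport(flow_csv, policy_server, tls_port)
    return sorted(s for s, state in result.items() if state == "fallback")

if __name__ == "__main__":
    for sensor, state in sorted(sensor_log_transport(SAMPLE_FLOWS, "192.0.2.1").items()):
        print(sensor, state)
```

A sensor reported as ``fallback`` is worth checking for a certificate or connectivity problem on the TLS path before its logs are relied on.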