Preparing Access Control using IPAM
You can enable enforcement by enabling the Unauthorized Device default policy, and changing the default policies on each individual sensor.
To Enable "Unauthorized Device" Policy
By default, the “Unauthorized Device” enforcement policy is disabled. Before controlling nodes using the Policy, the enforcement policy for “Unauthorized Device” must be enabled.
- Go to Policy in the top panel
- Go to Enforcement Policy in the left Policy panel
- Click Unauthorized Device name in the Enforcement Policy window
- Find General > Status section to Enabled
- Click Update
- Click Apply in top right corner
To Change Sensors IPAM Default Policy
The Default Policy can be changed on each sensor’s settings
- Go to System in the top panel
- Go to System > Sensor in the left System Management panel
- Click the desired sensor’s IP Address
- Click the Settings tab and click Sensor Settings
- Find IPAM Policy section, change IPAM Policy for New Node accordingly
- Click Update
Options for New node policy are as follows:
- Deny MAC: Deny a MAC Address
- Deny IP: Deny an IP Address
- Deny IP/MAC: Deny an IP and MAC Address
- Allow: Allow an IP and MAC (default)
- Enable Change Prevention: Enable IP Change Prevention for a node’s IP/MAC
- Enable Conflict Prevention: Enable IP conflict Prevention for a node’s IP/MAC