.. _installing-network-sensor:
.. role:: raw-html(raw)
:format: html
Installing Network Sensor
=========================
| The Network Sensor is installed in your internal network to collect information and send it to the Policy Server.
| Depending on your network design, you may need to install one or more logical/physical Network Sensors.
Prepare the Environment
-----------------------
| You can install the Network Sensor on a physical or virtual system.
| Prepare **Ubuntu OS 24.04** by referring to the guide :ref:`Install Ubuntu OS `.
.. note::
| You can install the Network Sensor on a virtual machine.
| ZTNA supports various hypervisors such as VMware, VirtualBox, and XenServer.
.. note::
Even if you use the Cloud version, the Network Sensor must be installed inside your internal network.
Prepare Network Connectivity
----------------------------
Genian Network Sensor requires network connectivity with one or more static IP addresses.
The sensor must monitor broadcast packets (ARP, DHCP, UPnP, etc.) on the network and be connected to all segments (broadcast domains) you plan to manage.
If you are using VLAN-capable switches, you can set up an 802.1Q trunk port to monitor multiple networks via a single physical interface.
When installing the Network Sensor in a virtual environment, the VM (sensor) must be able to directly communicate with all segments you want to monitor and control.
.. note::
When using a virtual machine, set the network interface type to **Bridge** mode.
To collect wireless LAN information, install a compatible wireless network adapter on the sensor.
See the document below.
.. toctree::
:maxdepth: 1
wireless-adapter-compatibility
Access Port
''''''''''''''''
When monitoring a single network via a switch Access Port, no additional switch configuration is required. If the system has more than one NIC, you can monitor multiple segments through multiple Access Ports.
Trunk Port
''''''''''''
To monitor multiple VLANs from a single interface, configure the switch port as a Trunk Port using the 802.1Q protocol.
Below are examples of configuring Trunk Port (802.1Q) on Cisco and HP switches.
Cisco Switch example
.. code-block:: bash
Cisco(config)#interface gi1/0/48
Cisco(config-if)#switchport trunk encapsulation dot1q
Cisco(config-if)#switchport mode trunk
HP Switch example (create Port 48 as a tagged interface)
.. code-block:: bash
Procurve(config)#vlan 100
Procurve(config)#tagged 48
Procurve(config)#vlan 200
Procurve(config)#tagged 48
Install the Network Sensor
--------------------------
**Step 1: Switch from Ubuntu user to root**
.. code-block:: text
genian@genian:~$ sudo su
[sudo] password for genian:
root@genian:/home/genian#
**Step 2: Update and upgrade packages**
.. code-block:: text
root@genian:/home/genian# apt-get update
root@genian:/home/genian# apt-get upgrade
**Step 3: Install curl (required for install)**
.. code-block:: text
root@genian:/home/genian# apt install curl
**Step 4: Install the Network Sensor with the following command**
.. code-block:: text
curl -sSLk https://bit.ly/4fX6bQ8 | sudo PROMPT=1 SSHALLALLOW=1 SSHPORT=22 TARGET=GNS DEB=ztna LOCALE=en bash -
Configure the Network Sensor
----------------------------
**Step 1: Access Ubuntu and gnlogin**
After installation, access Ubuntu and gnlogin to perform initial setup.
.. code-block:: bash
genian@genian:~$ sudo su
[sudo] password for genian:
root@genian:/home/genian#
# Gain root privileges
root@genian:/home/genian# gnlogin
# Enter Genian Shell
.. note::
You must have root privileges to apply interface settings properly.
**Step 2: Configure the Network Sensor**
1. Enter global configuration mode with the enable command.
2. Enter configuration mode with the configure terminal command.
3. Set the interface IP address and subnet mask.
4. Set the interface default gateway.
5. Set the device default gateway.
6. Set the device DNS server.
7. Configure the Policy Server information by IP or Hostname.
.. code-block:: bash
genian> enable
Password: (For the enable password, contact Technical Support)
genian# configure terminal
genian(config)# interface [interface name] address [IP] [Subnet Mask]
genian(config)# interface [interface name] gateway [IP]
genian(config)# ip default-gateway [IP]
genian(config)# ip name-server [IP]
genian(config)# node-server IP [IP]
genian(config)# node-server Host [Hostname]
# If you configured interfaces during Ubuntu installation, some IP settings may already exist.
.. note::
For configuring VLAN interfaces on a trunk interface, see :ref:`Adding and Deleting Network Sensors `.
Unsupported Hardware
--------------------
If installation does not proceed normally, contact your partner engineer or `Technical Support`_.
.. note::
In virtual environments, if the storage device or network interface is not recognized, change the storage type to SATA or change the network interface driver to an Intel family such as E1000.
.. toctree::
:maxdepth: 1
report-unsupported-hw
.. _802.1Q: https://en.wikipedia.org/wiki/IEEE_802.1Q
.. _Technical Support: https://genians.slack.com/