Network Sensor Settings Automatically

configure preferences for all network sensors that are added since the policy server is configured.

Initial settings are optional, and subsequently unique settings for individual network sensors can be changed on each sensor.

Configure Sensor Default Settings

This will be the initial sensor setting for the network sensor to be registered in the future.

  1. Go to System in the top panel

  2. Go to System > System Defaults > Network Sensor in the left System Management panel, and set the applicable options:

    • Sensor Operater

    Specifies the mode in which the network sensor operates. Depending on your network environment, you can set it up as a combination of operation mode and operation mode as follows:

    Sensor Mode

    Sensor Operating Mode

    Description

    Inactive

    Monitoring / Enforcement

    Network sensors do not work regardless of operating mode when network sensor behavior mode is inactive setting

    Host

    Monitoring

    Network Sensor Management Scope Perform only scans of the network; do not perform network control (recommended)

    Host

    Enforcement

    Network Sensor Management Scope Perform scanning and network enforcement for the network (recommended)

    Mirror(local)

    Monitoring

    Network Sensor Management Scope Perform traffic monitoring only for the network; do not perform network control

    Mirror(local)

    Enforcement

    Network Sensor Management Scope Perform traffic monitoring and network control over the network

    Mirror(Global)

    Monitoring

    Network Sensor Inoperative

    Mirror(Global)

    Enforcement

    Perform network control over IP communications outside the network sensor's management scope

    • Traffic Monitoring: (Mirror Only)

      • Collection Interval

      • Time for Average

      • Minimum Update Value

      • Update Fluctuation

      • Destination based Status Collection

    • Node Registration:

      • Maximum Registration for a MAC

      • IP Utilization Alert

    • Node Information Scan:

      • Port / Service Scan: Configure options for SNMP, WMI, and NMAP scanning

      • NetBIOS Name Queries

      • Scan Interval

    • Network Scan:

      • DHCP Server Scan

      • UPNP Scan

      • HP SLP Scan

      • SIP Scan

    • Node Status Scan:

      • MAC+IP Clone Detection

    • Subnet Node Scan:

      • Execution Interval

      • Scans per Second

    • DHCP:

      • DHCP Service

      • DHCP Node IP Update

    • Virtual Honeypot IP:

      • Virtual Honeypot IPs

    • IPAM:

      • New Node Policy

      • Sensor IP Conflict Prevention

    • Miscellaneous:

      • MAC Exception

Configure Sensor Log Settings

  1. Go to System in the top panel

  2. Select Network Sensor IP in the view pane.

  3. Select the Appliance tab in the view pane.

Under: Miscellaneous Configure:

  • Default Character Set

  • Sensor Debug Logging

    • Log Location - (Local, Policy Server, Local & Policy Server)

Note

If logging is set to save to the Policy Server, individual log entries will be sent by Syslog over TLS using port 6514. If Syslog over TLS fails, standard syslog on port 514. For Cloud-Managed NAC, Unique Ports are used. You can check these port assignments under System > Service > Port