Rogue Gateway

A Genian Agent can immediately detect a rogue gateway configuration in a variety of ways. If a gateway address (or default gateway) configured on a Node is not on the trusted network, Genian NAC 6.0 designates the Node as a critical one.

This anomaly definition requires installing an Agent on the endpoint and enabling an Agent Action in the node policy.

See: Controlling Network Interface.

Configure Settings for Rogue Gateway in Anomaly Definition

  1. Go to Policy in the top panel.

  2. Go to Policy > Node Policy > Anomaly Definition in the left Policy panel.

  3. Click Rogue Gateway.

  4. Find the Anomaly Event section to configure more options.

  5. For Trusted Network Scope: (An option may be configurable in Policy > Object > Network.)

  6. For Sensor Network as Trusted: (This prevents the Sensor network from falling outside the trusted network if a Sensor changes its management scope.)

  7. For Agent Control, select Yes to configure more options. You may specify the following:

    • Response: Disabling Device or Generating Logs.

    • Interface Disabled Notification: Yes or No.

    • External Device Exceptions: optional setting to specify a device as an exception to this Anomaly. (The name must be an exact match, so configuring Interface Type Exception instead is recommended.)

    • Interface Type Exception: Wired, Wireless or Virtual.

  8. Click Update.
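
The rule these settings describe (a gateway outside the trusted networks is flagged, with Sensor networks optionally counted as trusted and some interface types exempted) can be modeled as below. This is an added illustration, not Genian NAC code or its API; the function name, record layout, and addresses are assumptions constructed for the example.

```python
import ipaddress

# Constructed sample inventory: per-interface default gateways reported for each node.
NODES = [
    {"name": "ws-01", "interfaces": [
        {"name": "eth0", "type": "Wired", "gateway": "10.10.1.1"}]},
    {"name": "ws-02", "interfaces": [
        {"name": "wlan0", "type": "Wireless", "gateway": "192.168.43.1"}]},
    {"name": "ws-03", "interfaces": [
        {"name": "vmnet8", "type": "Virtual", "gateway": "172.16.80.2"},
        {"name": "eth0", "type": "Wired", "gateway": "10.20.5.1"}]},
]
TRUSTED_SCOPE = ["10.10.0.0/16"]     # stands in for Trusted Network Scope
SENSOR_NETWORKS = ["10.20.5.0/24"]   # networks a Sensor manages (assumed values)


def find_rogue_gateways(nodes, trusted_scope, sensor_networks=(),
                        sensor_as_trusted=True, exempt_types=()):
    """Return (node, interface, gateway) for gateways outside the trusted networks."""
    trusted = [ipaddress.ip_network(n) for n in trusted_scope]
    if sensor_as_trusted:
        trusted += [ipaddress.ip_network(n) for n in sensor_networks]
    exempt = {t.lower() for t in exempt_types}
    findings = []
    for node in nodes:
        for iface in node["interfaces"]:
            gateway = iface.get("gateway")
            # Skip interfaces with no gateway and exempted interface types.
            if not gateway or iface["type"].lower() in exempt:
                continue
            addr = ipaddress.ip_address(gateway)
            if not any(addr.version == net.version and addr in net
                       for net in trusted):
                findings.append((node["name"], iface["name"], gateway))
    return findings


if __name__ == "__main__":
    for hit in find_rogue_gateways(NODES, TRUSTED_SCOPE, SENSOR_NETWORKS,
                                   exempt_types=["Virtual"]):
        print("rogue gateway:", *hit)
```

With the sample data, turning off `sensor_as_trusted` also flags the gateway on the Sensor-managed network, and dropping the Virtual exemption flags the hypervisor adapter.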

Create Node Group For Rogue Gateway Configured

  1. Go to Policy in the top panel.

  2. Go to Policy > Group > Node in the left Policy panel.

  3. Click on Tasks > Create.

  4. For ID: Rogue Gateway Configured.

  5. For Status: Enabled.

  6. For Boolean Operator select OR.

  7. Find and click on Add in the Condition section.

  8. For each Anomaly you want to add, use the following:

    • Options: Anomaly

    • Operator: Detected is one of

    • Value: Rogue Gateway

  9. Click Add.

  10. Keep adding Conditions as needed.

  11. Click Save.