Rogue Gateway ============= A Genian Agent can immediately detect a rogue gateway configuration in a variety of ways. If a gateway address (or default gateway) configured on a Node is not on the trusted network, Genian NAC designates the Node as a critical one. This anomaly definition requires installing an Agent on the endpoint and enabling an Agent Action In the node policy. See: :doc:`/endpoints/network-interface`. Configure Settings for Rogue Gateway in Anomaly Definition ---------------------------------------------------------- #. Go to **Policy** in the top panel. #. Go to **Policy > Node Policy > Anomaly Definition** in the left Policy panel. #. Click **Rogue Gateway.** #. Find **Anomaly Event** section to configure more options. #. For **Trusted Network Scope:** (*An option may be configurable in Policy > Object > Network.*) #. For **Sensor Network as Trusted:** (*This prevents from not being on the trusted network if a Sensor changes its management scope.*) #. For **Agent Control** select **Yes** to configure more options and you may specify the followings: - **Response:** Disabling Device or Generating Logs. - **Interface Disabled Notification:** Yes or No. - **External Device Exceptions:** optional setting to specify the device to be an exception to this Anomaly. (*The name must be the exact match, therefore, you had better configure Interface Type Exception instead*) - **Interface Type Exception:** Wired, Wireless or Virtual. #. Click **Update.** Create Node Group For Rogue Gateway Configured ---------------------------------------------- #. Go to **Policy** in the top panel. #. Go to **Policy > Group > Node** in the left Policy panel. #. Click on **Tasks > Create** #. For **ID:** Rogue Gateway Configured. #. For **Status:** Enabled. #. For **Boolean Operator** select **OR.** #. Find and click on **Add** in **Condition** section. #. For each **Anomaly** you want to add use the followings: - **Options:** Anomaly - **Operator:** Detected is one of - **Value:** Rogue Gateway #. Click **Add.** #. Keep adding **Conditions** as needed. #. Click **Save.**