Configuring ARP Enforcement
Network Sensor by default is configured to passively collect information and forward it to the Policy Server. This information assists in identifying the endpoints information, allowing you to build groups and policies. Network Sensor Operating Mode needs to be changed from Monitoring to Enforcement which allows the Policy Server to enforce policies and control endpoints access onto the network using ARP Enforcement.
For more information. See Policy Enforcement Methods
ARP Enforcement may trigger security alerts from IDS or EDR products, see: ARP Enforcement does not block network access
Enabling ARP Enforcement
You can enforce policies by activating the Network Sensor. The Network Sensor has two types of Sensor Operating Modes. By default, the Network Sensor is set to Monitoring mode.
To activate the Network Sensor enforcement:
- Go to System in the top panel
- Select the desired sensor’s IP Address for activating enforcement
- Click the Sensor tab
- Click the Interface of the sensor you wish to activate.
- For Sensor Mode, select Host
- For Sensor Operating Mode, change to Enforcement
- Configure optional Enforcement Exceptions Unmanaged IP ranges.
- Configure Managed IP Control Range
- Click Update