Phase 4 - Test / Validate

Step 1 - Switch Sensor on Test/POC Network to Enforcement Mode

Sensors are deployed in Monitoring mode by default. This means all nodes are allowed on the network, and even enabled Enforcement Policies will not be executed. To test any use cases that involve Enforcement, the Sensor must be set to Enforcement Mode. The instructions below outline the steps required to activate a Sensor.

An additional consideration is whether to Allow or Block new nodes that join the network after the Sensor has been activated. Blocking new nodes essentially enables a Zero Trust model in which any node not explicitly permitted by one of the previously configured policies is blocked until an Administrator specifically grants the node access. To enable this option when following the steps below, set the New Node Policy under IPAM to “Deny MAC”. If this option is not enabled, the default mode is “Allow” and nodes not matching any particular policy will be granted network access.

Configuring ARP Enforcement

Step 2 - Test / Validate Use Cases

With the Sensor now activated, all applicable use cases can be tested and validated. Any use cases not selected in Phase 2 can be skipped.

  • Verify Unknown devices are blocked
  • Verify Captive Portal
  • Verify Guest Registration
  • Verify tags for network devices
  • Verify Managed Device Authentication
      • AD/Domain SSO
      • Captive Portal (non-domain environments)
  • Verify Role Based Access (RBAC)
      • For Managed Devices
      • For BYOD
      • For Guests
  • Verify Agent Enforcement Actions
      • For Managed Devices
      • For BYOD
      • For Guests
  • Verify IoT Use Cases
      • Verify tags/access as applicable
  • Verify other tag Use Cases
      • Verify tags/access as applicable
  • Verify other specific Use Cases
  • Verify Network Security Automation
      • Verify Publish to External System
      • Verify Receiving from External System
  • Verify Alerting and Reporting