Automatically Setting Appliance Sensor Settings
You can configure initial settings for all Network Sensors added to the Policy Server. Initial configuration is optional, and unique settings for individual Network Sensors can be changed on each sensor later.
Note
To change settings for individual appliances, proceed from System > Select Appliance IP > Preferences tab.
Network Sensor Initial Settings
This configures the initial sensor settings for newly registered Network Sensors.
- Go to System in the top panel.
- In the left panel, go to System Initial Settings > Sensor Settings.
Sensor Operation
Specifies the operating mode of the Network Sensor. Depending on the network environment, the operating mode and the operational mode can be combined as follows:
- Set the sensor mode to Inactive, Mirror, Inline, or Host (recommended).
- If there are multiple VLANs, the sensor runs for each VLAN Interface, and all sensors for each VLAN Interface must be set to Host mode.
| Network Sensor Operating Mode | Network Sensor Operational Mode | Description |
|---|---|---|
| Inactive | Monitoring / Enforcement | If the Network Sensor operating mode is set to Inactive, the Network Sensor does not operate regardless of the operational mode. |
| Host | Monitoring | Only performs scanning for the Network Sensor's managed network range; does not perform network control (recommended). |
| Host | Enforcement | Performs scanning and network control for the Network Sensor's managed network range (recommended). |
| Mirror(local) | Monitoring | Only performs traffic monitoring for the Network Sensor's managed network range; does not perform network control. |
| Mirror(local) | Enforcement | Performs traffic monitoring and network control for the Network Sensor's managed network range. |
| Mirror(Global) | Monitoring | Network Sensor does not operate. |
| Mirror(Global) | Enforcement | Performs network control for IP communication outside the Network Sensor's management range. |
Warning
Please be careful when configuring, as the network may be immediately blocked if the Network Sensor operates in Enforcement mode.
Traffic Monitoring
Enable this to check traffic status in the managed network range when the Network Sensor operates in Mirror (local) mode.
Node Registration
You can set the maximum number of nodes that can be registered per MAC, and configure warnings if more than a certain percentage of IPs are in use.
Node Information Scan
You can determine whether to perform port scans and service scans for platform detection. You can also perform NetBIOS scans or change the scan cycle.
Network Scan
Set whether to collect additionally defined scan items, in addition to Node Information Scan.
Node Status Check
Configure the status checks used by the Anomaly Definition for MAC+IP Clone detection.
Subnet Node Scan
You can set the node scan period, number of scans per second, etc.
DHCP
You can set whether to enable DHCP service.
Virtual IP
Unused IPs can be used as virtual IPs to attract malicious traffic (honeypot).
IP Management
You can set whether to block newly connected nodes, or turn On / Off the conflict protection function for IPs configured on the sensor.
Other Settings
You can specify MACs to be excluded from NAC management targets.
Sensor Log Settings Configuration
- Go to System in the top panel.
- In the displayed screen, select Network Sensor IP.
- Click Preferences.
Refer to Other Settings:
- Default Character Set
- Sensor Debug Log Generation
- Log Storage Location - (Local, Policy Server, Local & Policy Server)
Note
If the log storage location is set to the Policy Server, the generated logs are transmitted via syslog using TLS on port 6514. If syslog transmission via TLS fails, the logs are transmitted using the standard syslog port 514. For CLOUD NAC, a random port is used. You can check the assigned port in System > Service Management > Connection Port.
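Because of the fallback described in this note, a sensor can move from TLS syslog on port 6514 to port 514 without any change in the console. The following is an added example, not part of the product or its documentation, that classifies sensors from flow records seen at the Policy Server; the CSV layout, field names, function names and sample rows are constructed assumptions.

```python
import csv
import io
from datetime import datetime

TLS_SYSLOG_PORT = 6514    # from the note: syslog over TLS
PLAIN_SYSLOG_PORT = 514   # from the note: used when TLS transmission fails

# Constructed sample flow records (assumed export format: time, source, dest port).
SAMPLE_FLOWS = """\
time,sensor_ip,dst_port
2024-05-01T10:00:00,192.0.2.11,6514
2024-05-01T10:00:05,192.0.2.12,6514
2024-05-01T10:05:00,192.0.2.12,514
2024-05-01T10:06:00,192.0.2.13,514
2024-05-01T10:07:00,192.0.2.11,443
2024-05-01T10:08:00,192.0.2.14,514
2024-05-01T10:09:00,192.0.2.14,6514
"""

def classify_sensors(flow_csv, tls_port=TLS_SYSLOG_PORT, plain_port=PLAIN_SYSLOG_PORT):
    """Map each sensor IP to 'tls', 'plain-only', 'downgraded' or 'recovered'."""
    history = {}
    for row in csv.DictReader(io.StringIO(flow_csv)):
        port = int(row["dst_port"])
        if port not in (tls_port, plain_port):
            continue  # not syslog traffic, ignore
        when = datetime.fromisoformat(row["time"])
        history.setdefault(row["sensor_ip"], []).append((when, port))

    status = {}
    for sensor, events in history.items():
        events.sort()  # oldest first, so the last entry is the current transport
        ports = [port for _, port in events]
        if plain_port not in ports:
            status[sensor] = "tls"
        elif tls_port not in ports:
            status[sensor] = "plain-only"   # TLS never observed for this sensor
        elif ports[-1] == plain_port:
            status[sensor] = "downgraded"   # was on TLS, now on the fallback port
        else:
            status[sensor] = "recovered"    # used the fallback, back on TLS
    return status

def sensors_needing_review(flow_csv, **ports):
    """Sensors that sent any logs on the fallback port."""
    found = classify_sensors(flow_csv, **ports)
    return sorted(ip for ip, state in found.items() if state != "tls")

if __name__ == "__main__":
    for ip, state in sorted(classify_sensors(SAMPLE_FLOWS).items()):
        print(ip, state)
```

For CLOUD NAC, pass the port shown under System > Service Management > Connection Port as `tls_port`.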