Configuring Network Sensor Settings Automatically

Configure preferences for all network sensors that are added after the policy server is configured.

These initial settings are optional; afterward, settings unique to an individual network sensor can be changed on that sensor.

Configure Sensor Default Settings

These become the initial settings for any network sensor registered in the future.

  1. Go to System in the top panel.

  2. Go to System > System Defaults > Network Sensor in the left System Management panel, and set the applicable options:

    • Sensor Operator

    Specifies the mode in which the network sensor operates. Depending on your network environment, you can combine a sensor mode with a sensor operating mode as follows:

    | Sensor Mode | Sensor Operating Mode | Description |
    |---|---|---|
    | Inactive | Monitoring / Enforcement | Network sensors do not work, regardless of operating mode, when the network sensor behavior mode is set to Inactive |
    | Host | Monitoring | Network Sensor Management Scope: Perform only scans of the network; do not perform network control (recommended) |
    | Host | Enforcement | Network Sensor Management Scope: Perform scanning and network enforcement for the network (recommended) |
    | Mirror(local) | Monitoring | Network Sensor Management Scope: Perform traffic monitoring only for the network; do not perform network control |
    | Mirror(local) | Enforcement | Network Sensor Management Scope: Perform traffic monitoring and network control over the network |
    | Mirror(Global) | Monitoring | Network Sensor Inoperative |
    | Mirror(Global) | Enforcement | Perform network control over IP communications outside the network sensor's management scope |

    • Traffic Monitoring: (Mirror Only)
      • Collection Interval
      • Time for Average
      • Minimum Update Value
      • Update Fluctuation
      • Destination based Status Collection
    • Node Registration:
      • Maximum Registration for a MAC
      • IP Utilization Alert
    • Node Information Scan:
      • Port / Service Scan: Configure options for SNMP, WMI, and NMAP scanning
      • NetBIOS Name Queries
      • Scan Interval
    • Network Scan:
      • DHCP Server Scan
      • UPNP Scan
      • HP SLP Scan
      • SIP Scan
    • Node Status Scan:
      • MAC+IP Clone Detection
    • Subnet Node Scan:
      • Execution Interval
      • Scans per Second
    • DHCP:
      • DHCP Service
      • DHCP Node IP Update
    • Virtual Honeypot IP:
      • Virtual Honeypot IPs
    • IPAM:
      • New Node Policy
      • Sensor IP Conflict Prevention
    • Miscellaneous:
      • MAC Exception

Configure Sensor Log Settings

  1. Go to System in the top panel.
  2. Select Network Sensor IP in the view pane.
  3. Select the Appliance tab in the view pane.

Under Miscellaneous, configure:

  • Default Character Set

  • Sensor Debug Logging

    • Log Location - (Local, Policy Server, Local & Policy Server)

Note

If logging is set to save to the Policy Server, individual log entries are sent by Syslog over TLS on port 6514. If Syslog over TLS fails, standard syslog on port 514 is used. For Cloud-Managed NAC, unique ports are used. You can check these port assignments under System > Service > Port.
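
The fallback described in the note means sensor logs can reach the Policy Server without TLS, so it is worth checking which sensors are actually using port 514. The following is an added example, not part of the product documentation: it classifies sensors from flow records, where the CSV layout, the sample addresses and the function name `classify_sensors` are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

TLS_PORT = 6514    # Syslog over TLS port stated in the note
PLAIN_PORT = 514   # standard syslog fallback port stated in the note

# Constructed flow records; addresses are documentation ranges, not real hosts.
SAMPLE_FLOWS = """\
src,dst,proto,dport
192.0.2.11,192.0.2.1,tcp,6514
192.0.2.12,192.0.2.1,udp,514
192.0.2.13,192.0.2.1,tcp,6514
192.0.2.13,192.0.2.1,udp,514
192.0.2.14,192.0.2.1,tcp,443
192.0.2.12,198.51.100.9,udp,514
"""

def classify_sensors(flow_csv, policy_server, tls_port=TLS_PORT, plain_port=PLAIN_PORT):
    """Return {sensor_ip: 'tls' | 'fallback' | 'mixed'} for log traffic to the policy server.

    Pass the ports shown under System > Service > Port if they differ
    (for example on Cloud-Managed NAC, which uses unique ports).
    """
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["dst"] != policy_server:
            continue  # not addressed to the policy server
        try:
            port = int(row["dport"])
        except (TypeError, ValueError):
            continue  # skip malformed records
        # proto is not checked: the note does not say which transport port 514 uses.
        if port == tls_port:
            seen[row["src"]].add("tls")
        elif port == plain_port:
            seen[row["src"]].add("plain")
    status = {}
    for sensor, kinds in seen.items():
        if kinds == {"tls"}:
            status[sensor] = "tls"
        elif kinds == {"plain"}:
            status[sensor] = "fallback"  # only non-TLS syslog observed
        else:
            status[sensor] = "mixed"     # TLS failed at some point in the capture
    return status

if __name__ == "__main__":
    for sensor, state in sorted(classify_sensors(SAMPLE_FLOWS, "192.0.2.1").items()):
        print(f"{sensor}: {state}")
```

Sensors reported as `fallback` or `mixed` are the ones to investigate for a failing TLS path between the sensor and the Policy Server.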