Configuring Appliances, Components and Default Settings

Genian NAC Appliances, and logical components such as Policy Servers, Network Sensors and Wireless Sensors may be configured individually. Settings include OS Update Proxy, SSH Access Restrictions, SNMP Agent, Hardware Usage Alerts, System Time and log management.

Default Settings are configured for both Network Appliances and Sensors, this allows configurations to be cloned onto other Network Appliances and Sensors when added onto the network. This eliminates the need for the Administrator to configure each one. As a Remote Site is added and a Network Sensor is installed it will inherit the configurations from the Network Appliance settings. If Additional VLANs are configured then these VLANs will inherit configurations from the Sensor settings. These settings are optional and can later be reconfigured on individual appliances.

Policy Server

Configure Appliance Settings

  1. Go to System in top panel
  2. Find and click Policy Server IP in the main System window
  3. Find and click Appliance tab in the main System window

Configure Default Appliance Settings

(Settings below are optional and will be default settings for all additional Policy Servers)

  1. Go to System in top panel
  2. Go to System Defaults > Network Appliance in the left System Management panel

Allow Remote Access via SSH

  1. Find Security section and enter Approved SSH Source IP
  • Individual IP's may be allowed(e.g. 192.168.1.10).
  • Entire Subnets may also be allowed, regardless of individual IP. (e.g. 192.168.1.0/24).
  • Access from all sources may also be permitted (e.g. 0.0.0.0/0).

Note

Be mindful of NAT when accessing an appliance across network segments. The external NAT address must be allowed.

  1. Click Update

Proxy For Windows Updates

  1. Find Proxy for Windows Updates section and select On in drop-down
  2. Select Network Group for Proxy Service to use
  3. Click Update

Setup SNMP Agent

  1. Find SNMP Agent section and select On in drop-down
  2. Enter the following:
    • Username
    • Authentication Password (SHA, minimum length – 8 characters)
    • Privacy Password for data encryption (AES, minimum length – 8 characters)
  3. Click Update

Edit Asset Management Thresholds

  1. Find Asset Management section
  2. Enter the following:
    • Data Disk Threshold generates log if Data Disk is over this threshold (Default is 90)
    • Memory Threshold generates log if Memory is over this threshold (Default is 90)
    • CPU Threshold generates log if CPU is over this threshold (Default is 95)
  3. Click Update

Edit System Date And Time

  1. Find Date and Time section
  2. Select Country and closest City from drop-downs for System TimeZone
  3. Click Update

Change Character Set

  1. Find Miscellaneous section
  2. Select Character Set from drop-down
  3. Click Update

Network Sensor

Configure Sensor Default Settings

  1. Go to System in the top panel
  2. Go to System > System Defaults > Network Sensor in the left System Management panel
    • Sensor Mode: Host
      • If Sensor Mode is set to Inactive, this disables the Sensor
      • If you have more than one VLAN, you will need to set Host Mode for all VLAN networks on each Sensor to be scanned.

Configure Sensor Log Settings

  1. Go to System in the top panel
  2. Select Network Sensor IP in the view pane.
  3. Select the Appliance tab in the view pane.

Under: Miscellaneous Configure:

  • Default Character Set

  • Sensor Debug Logging

    • Log Location - (Local, Remote, Remote & Local)