Rogue Gateway

A Genian Agent can immediately detect a rogue gateway configuration in a variety of ways. If a gateway address (or default gateway) configured on a Node is not on the trusted network, Genian NAC designates the Node as a critical one.

This anomaly definition requires installing an Agent on the endpoint and enabling an Agent Action in the Node Policy.

See: Controlling Network Interface.

Configure Settings for Rogue Gateway in Anomaly Definition

  1. Go to Policy in the top panel.
  2. Go to Policy > Node Policy > Anomaly Definition in the left Policy panel.
  3. Click Rogue Gateway.
  4. Find the Anomaly Event section to configure more options.
  5. For Trusted Network Scope: (An option may be configurable in Policy > Object > Network.)
  6. For Sensor Network as Trusted: (This prevents a gateway from being treated as not on the trusted network if a Sensor changes its management scope.)
  7. For Agent Control, select Yes to configure more options. You may specify the following:
    • Response: Disabling Device or Generating Logs.
    • Interface Disabled Notification: Yes or No.
    • External Device Exceptions: optional setting to specify the device to be an exception to this Anomaly. (The name must match exactly, so configuring Interface Type Exception instead is recommended.)
    • Interface Type Exception: Wired, Wireless or Virtual.
  8. Click Update.
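
The decision these settings describe can be modelled as follows. This is an added illustration, not Genian NAC code: the class, field names and sample addresses are hypothetical, and it assumes an Interface Type Exception exempts the interface from the anomaly in the same way the page describes for External Device Exceptions.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class RogueGatewayPolicy:
    # Hypothetical field names mirroring the settings listed above.
    trusted_scope: list                     # Trusted Network Scope (CIDR strings)
    sensor_networks: list = field(default_factory=list)
    sensor_network_as_trusted: bool = True  # Sensor Network as Trusted
    response: str = "Generating Logs"       # or "Disabling Device"
    interface_type_exceptions: set = field(default_factory=set)

    def trusted_networks(self):
        nets = list(self.trusted_scope)
        if self.sensor_network_as_trusted:
            nets += self.sensor_networks
        return [ipaddress.ip_network(n) for n in nets]

def evaluate(policy, interfaces):
    """Return (anomaly_detected, findings) for one Node.

    interfaces: dicts with name, type (Wired/Wireless/Virtual) and gateway.
    Each finding is (interface name, gateway, configured response).
    """
    trusted = policy.trusted_networks()
    findings = []
    for nic in interfaces:
        # Excepted interface types and interfaces without a gateway are skipped.
        if nic["type"] in policy.interface_type_exceptions or not nic.get("gateway"):
            continue
        gw = ipaddress.ip_address(nic["gateway"])
        if not any(gw.version == n.version and gw in n for n in trusted):
            findings.append((nic["name"], nic["gateway"], policy.response))
    return bool(findings), findings

# Constructed sample data (not taken from a real deployment).
POLICY = RogueGatewayPolicy(
    trusted_scope=["192.168.10.0/24"],
    sensor_networks=["192.168.20.0/24"],
    response="Disabling Device",
    interface_type_exceptions={"Virtual"},
)
NODE = [
    {"name": "eth0", "type": "Wired", "gateway": "192.168.10.1"},
    {"name": "eth1", "type": "Wired", "gateway": "192.168.20.1"},
    {"name": "wlan0", "type": "Wireless", "gateway": "172.20.10.1"},
    {"name": "vEthernet", "type": "Virtual", "gateway": "10.99.0.1"},
]

if __name__ == "__main__":
    print(evaluate(POLICY, NODE))
```

With Sensor Network as Trusted turned off in this model, the gateway on eth1 is also reported, which is the false positive that option is meant to avoid.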

Create Node Group For Rogue Gateway Configured

  1. Go to Policy in the top panel.
  2. Go to Policy > Group > Node in the left Policy panel.
  3. Click Tasks > Create.
  4. For ID: Rogue Gateway Configured.
  5. For Status: Enabled.
  6. For Boolean Operator select OR.
  7. Find and click Add in the Condition section.
  8. For each Anomaly you want to add, use the following:
    • Options: Anomaly
    • Operator: Detected is one of
    • Value: Rogue Gateway
  9. Click Add.
  10. Keep adding Conditions as needed.
  11. Click Save.