Rogue Gateway

A Genian Agent can immediately detect a rogue gateway configuration in a variety of ways. If a gateway address (or default gateway) configured on a Node is not on the trusted network, Genian NAC designates the Node as a critical one.

This anomaly definition requires installing an Agent on the endpoint and enabling an Agent Action In the node policy.

See: Controlling Network Interface.

Configure Settings for Rogue Gateway in Anomaly Definition

1. Go to Policy in the top panel.
2. Go to Policy > Node Policy > Anomaly Definition in the left Policy panel.
3. Click Rogue Gateway.
4. Find Anomaly Event section to configure more options.
5. For Trusted Network Scope: (An option may be configurable in Policy > Object > Network.)
6. For Sensor Network as Trusted: (This prevents from not being on the trusted network if a Sensor changes its management scope.)
7. For Agent Control select Yes to configure more options and you may specify the followings:
   • Response: Disabling Device or Generating Logs.
   • Interface Disabled Notification: Yes or No.
   • External Device Exceptions: optional setting to specify the device to be an exception to this Anomaly. (The name must be the exact match, therefore, you had better configure Interface Type Exception instead)
   • Interface Type Exception: Wired, Wireless or Virtual.
8. Click Update.

Create Node Group For Rogue Gateway Configured

1. Go to Policy in the top panel.
2. Go to Policy > Group > Node in the left Policy panel.
3. Click on Tasks > Create
4. For ID: Rogue Gateway Configured.
5. For Status: Enabled.
6. For Boolean Operator select OR.
7. Find and click on Add in Condition section.
8. For each Anomaly you want to add use the followings:
   • Options: Anomaly
   • Operator: Detected is one of
   • Value: Rogue Gateway
9. Click Add.
10. Keep adding Conditions as needed.
11. Click Save.