Node is Blocked After Changed Node Type¶
Symptom¶
The type of node is changed in the policy server, resulting in an enforcement action being taken against the node.
Cause¶
- The network sensor scans the nodes and classifies them using the collected information.
- The node type can be changed as more info is gathered.
- If an enforcement policy is linked to a group based on node type, a changing node type can result in an unwanted enforcement.
Resolution¶
If a node is classified as a network device for the first time, if the node type is defined by a user, or if scanning of the node is disabled, node type scanning will be stopped.
How to Define Node type:¶
- Go to Management > Node in the top panel.
- Click on the desired IP or MAC Address.
- Click General tab.
- Check the box of User-Defined Platform.
- Select the Node type.
- Click Update.
How to Disable scanning on a node:¶
- Go to Management > Node in the top panel.
- Click on the desired IP or MAC Address.
- Click Policy tab.
- Set the Node Platform/Open Port Scan option to Off.
Identifying information gathered about a specific Node:¶
To see how a node was classified, you can view the collected information.
- Follow the below steps, as shown in the code box.
- Log in to the Policy Server console directly or by SSH.
- Enter Configuration mode.
- Enter shell mode.
- Navigate to the directory that holds the node scan data.
- Node scan data files will be in .raw format , with a [Node IP-Node MAC] naming scheme.
- Use the
catcommand to display the contents of the file.
genian> en
genian# @shell
Genians$ Cd /disk/data/logs/system/scanraw
Genians$ cat [Node IP-Node MAC].raw