Preparing Network
==================

When planning your Genian |product_name| deployment onto your network there are several considerations.

- Where should the equipment be placed?
- How will it connect to my switches?
- How many pieces of equipment do I need?
- What ports do I need to open for Genians to communicate?

Wired Connectivity
-------------------

The Policy Server should be directly connected to your Core Switch port as an access port.
The Network Sensor should be connected to an Edge Switch port that can be either an access port or a trunk port.

Switches
''''''''''

Network Sensors must be able to see broadcast packets, so they must be connected to all managed subnets.

**VLANs**

To monitor multiple VLANs (up to 128, 64 recommended) through a single port, make sure the switch port is configured with 802.1Q trunking and that all VLANs you wish to monitor are allowed on that port. Switches differ in how this is configured. Below are examples of how to configure 802.1Q trunk ports for VLANs on common switches. In these examples, we show how to add VLANs 100 and 200 to port 48, configured with .1q trunk encapsulation.

Cisco Switch

.. code-block:: text

   Cisco(config)#interface gi1/0/48
   Cisco(config-if)#switchport trunk encapsulation dot1q
   Cisco(config-if)#switchport mode trunk
   Cisco(config-if)#switchport trunk allowed vlan add 100,200

HP Switch

.. code-block:: text

   Procurve(config)#vlan 100
   Procurve(config)#tagged 48
   Procurve(config)#vlan 200
   Procurve(config)#tagged 48

**SNMP**

Genians supports SNMP versions 1, 2c and 3. The read-only community string is used to check whether a node supports SNMP while the Network Sensor collects information about that node. If the node responds to the SNMP request, the sensor verifies that the node is a switch by querying it for BRIDGE-MIB support. The read-write community string is used to make changes to switches, such as setting port descriptions and shutting down switch ports.
In addition, it can be used for other functions such as collecting information from a wireless controller via SNMP and detecting a device's platform information.

.. note:: Be sure to add the Network Sensor to the access-lists of all switches in the same network segment, and assign the necessary permissions for users/groups to view all OIDs. For more info see: :doc:`../monitoring/switch/browsing-switchports`

WAN
'''''

If you have more than one location behind WAN technologies, a Network Sensor is required at each of these locations.

Wireless Connectivity
----------------------

Network Sensors with a wireless NIC are used to detect wireless packets and identify SSIDs that are both internal to your network and external (neighboring) to your network. Placement of the Network Sensor with a wireless NIC is critical: do not place it in a data closet, where it will only detect the wireless SSIDs near that closet. Place it centrally, where it can detect the majority of the SSIDs around it.

|product_name| Gateway - Policy Server Connectivity
------------------------------------------------------

Both Policy Servers and |product_name| Gateways may be installed in the Cloud or On-Prem. Which components are deployed where dictates what connectivity is required through Cloud and On-Prem network firewalls and ACLs.

Firewall Requirements
----------------------

The following connections must be allowed for Genian |product_name| to function properly.
[On-Premises]

.. list-table::
   :header-rows: 1

   * - SRC IP
     - DST IP
     - Service
     - Note
   * - Policy Server
     - Log Server
     - TCP/9200~9300, TCP/9300~9400
     - Log Server
   * - Policy Server
     - DB Server
     - TCP/3306
     - Database
   * - Policy Server
     - Network Sensor IP, PC IP (Agent)
     - UDP/3871
     - Keep Alive, Event Transmission
   * - Policy Server
     - https://alarm2.genians.com
     - TCP/8844
     - Alarm Service
   * - Policy Server
     - https://geniupdate2.genians.com
     - TCP/8844
     - GenianData Update
   * - Policy Server
     - https://cmupdate2.genians.com
     - TCP/8844
     - GenianData Update
   * - Policy Server
     - https://techlab2.genians.com
     - TCP/8844
     - Platform Miss/False Detection Report
   * - Policy Server
     - https://pi-api.genians.com
     - TCP/443
     - Genian DPI
   * - Policy Server
     - https://dzxsljwmt8reh.cloudfront.net
     - TCP/443
     - Syscollect Update
   * - Policy Server
     - https://tuf-repo-cdn.sigstore.dev
     - TCP/443
     - SLSA Verification
   * - Policy Server
     - https://rekor.sigstore.dev
     - TCP/443
     - SLSA Verification
   * - Network Sensor IP
     - Policy Server IP/FQDN
     - UDP/3870
     - Keep Alive
   * - Network Sensor IP
     - Policy Server IP/FQDN
     - TCP/80, TCP/443
     - Policy/Action Information Update
   * - Network Sensor IP
     - Policy Server IP/FQDN
     - UDP/514, TCP/6514
     - Syslog
   * - Network Sensor IP
     - https://dzxsljwmt8reh.cloudfront.net
     - TCP/443
     - Syscollect Update
   * - PC IP (Agent)
     - Policy Server IP/FQDN
     - UDP/3870
     - Keep Alive
   * - PC IP (Agent)
     - Policy Server IP/FQDN
     - TCP/80, TCP/443
     - Policy/Action Information Update
   * - PC IP (Agent)
     - Policy Server IP/FQDN
     - TCP/8000
     - Windows Update
   * - Admin PC
     - Policy Server IP, Network Sensor IP
     - TCP/3910
     - SSH
   * - Admin PC
     - Policy Server IP
     - TCP/8443
     - Web Console

[Cloud managed]

.. list-table::
   :header-rows: 1

   * - SRC IP
     - DST IP
     - Service
     - Note
   * - Policy Server IP
     - 52.78.17.154 (geniupdate.geninetworks.com)
     - TCP/80, TCP/443
     - **GENIAN Data** Update
   * - Network Sensor IP
     - Policy Server IP/FQDN
     - UDP/Random
     - Keep Alive
   * - Network Sensor IP
     - Policy Server IP/FQDN
     - TCP/80, TCP/443
     - Update Information/Policy
   * - Network Sensor IP
     - Policy Server IP/FQDN
     - UDP/Random, TCP/Random
     - Syslog
   * - PC IP (Agent)
     - Policy Server IP/FQDN
     - UDP/Random
     - Keep Alive
   * - PC IP (Agent)
     - Policy Server IP/FQDN
     - TCP/80, TCP/443
     - Update Information/Policy
   * - PC IP (Agent)
     - Policy Server IP/FQDN
     - UDP/Random, TCP/Random
     - Windows Update

.. note:: **UNIQUE PORT:** Specific port information for the Cloud Managed Policy Server can be found in the Web Console by selecting **System** on the top panel, and then selecting **Service > Port** from the left menu bar.

.. note:: **Keep Alive** traffic is sent from all Sensor interfaces, including VLAN interfaces (ethX and ethX.X).

.. _Trunked Switch Port: http://www.ciscopress.com/articles/article.asp?p=2181837&seqNum=7
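As an added example that is not part of the Genians documentation, the following Python parses the Service column notation used in the tables above (single ports, comma-separated lists and ``~`` ranges), rejects the site-specific ``Random`` entries of the cloud-managed table, and reports which required flows a candidate firewall allow-list still blocks; the ``Flow`` type, the role names and the constructed allow-list are assumptions for the demonstration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str     # role names as used in the table, e.g. "Network Sensor IP"
    dst: str
    proto: str   # "TCP" or "UDP"
    first: int   # first port of the range
    last: int    # last port (equal to first for a single port)

def parse_service(spec):
    """'TCP/80, TCP/443' -> [('TCP',80,80),('TCP',443,443)]; 'TCP/9200~9300'
    -> [('TCP',9200,9300)]. Site-specific 'Random' ports are rejected."""
    out = []
    for item in spec.split(","):
        proto, _, ports = item.strip().partition("/")
        if proto.upper() not in ("TCP", "UDP"):
            raise ValueError(f"unknown protocol in {item!r}")
        if ports == "Random":  # cloud-managed: read it from System > Service > Port
            raise ValueError(f"{item!r} has no fixed port in the table")
        lo, _, hi = ports.partition("~")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range in {item!r}")
        out.append((proto.upper(), lo, hi))
    return out

# Constructed subset of the On-Premises table: (SRC IP, DST IP, Service).
REQUIRED = [
    ("Policy Server", "Log Server", "TCP/9200~9300, TCP/9300~9400"),
    ("Network Sensor IP", "Policy Server IP/FQDN", "UDP/3870"),
    ("Network Sensor IP", "Policy Server IP/FQDN", "TCP/80, TCP/443"),
    ("Network Sensor IP", "Policy Server IP/FQDN", "UDP/514, TCP/6514"),
    ("PC IP (Agent)", "Policy Server IP/FQDN", "TCP/8000"),
]

def required_flows(rows=REQUIRED):
    return [Flow(s, d, p, lo, hi)
            for s, d, svc in rows for p, lo, hi in parse_service(svc)]

def covered(flow, allowed):
    """A single allow rule with the same endpoints and protocol must span
    the whole required range; two half-overlapping rules do not count."""
    return any(a.src == flow.src and a.dst == flow.dst and a.proto == flow.proto
               and a.first <= flow.first and flow.last <= a.last for a in allowed)

def missing_flows(allowed, rows=REQUIRED):
    """Required flows that the candidate allow-list leaves blocked."""
    return [f for f in required_flows(rows) if not covered(f, allowed)]
```

Running ``missing_flows`` against your own allow-list before cutover tells you which rows of the table are still missing, which is cheaper than discovering a blocked Keep Alive or Syslog port from the sensor logs.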