A USM Anywhere Sensor deployed on VMware or Hyper-V uses five network interfaces. These network interfaces have a predefined role that cannot be changed. The USM Anywhere Management Interface is required for many essential functions.
- Connection to USM Anywhere
- Updates to the system
- Log collection within the monitored network
- VulnerabilityA known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security. scans
- AssetAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers. discovery
This interface needs an IP address with permissions to access
- Inbound packets containing syslogAn industry standard message logging system that is used on many devices and platforms. data sent from other hosts on that network
- Outbound connections made to perform authenticated scansAuthenticated scans are performed from inside the machine using a user account with appropriate privileges.
The other interfaces passively monitor network traffic in promiscuous modeMode in which network IDS monitoring operates in passive listening mode, checking all IP packet traffic passing through it for threats.; the system does allow the configuration of an IP address on them. These interfaces should be plugged into a port in the switch where port mirroring is configured.
|Interface Name||Network Configuration Required|
Internet connectivity and IP address routed to provide the access to USM Anywhere
This IP address also allows connections to assets in a monitored network for log collection and asset scans.
Network Monitoring Interface 1
|Interface connected to a mirrored port in the network switch|
|Network Monitoring Interface 2||Interface connected to a mirrored port in the network switch|
|Network Monitoring Interface 3||Interface connected to a mirrored port in the network switch|
|Network Monitoring Interface 4||Interface connected to a mirrored port in the network switch|
Important: The VMware sensor and Hyper-V sensor require all five NICs to be enabled.
Use the functions provided by the sensor console to configure the management interface and DNS.
USM Anywhere has, by default, DHCPNetwork protocol used to dynamically distribute network configuration parameters, such as IP addresses, for interfaces and services. and Log Collection enabled.
Configuring the Interface Automatically Using DHCP
During the installation, your system sets an IP address assigned by a DHCP Server.
Note: Check your settings on Network Configuration > View Network Configuration.
Configuring the Interface Manually
- Connect to the USM Anywhere Sensor console.
- Navigate to the Network Configuration > Configure Management Interface > Set a Static Management IP Address option.
- Enter the IP Address.
- Press Enter (<OK>).
The DNS nameserver is part of the Domain Name System (DNS) that maintains a directory of domain names and translates them to IP addresses.
Important: If you specify two servers for DNS resolution, USM Anywhere determines their priority by their order. Configure your local DNS in the first position to have DNS name resolution in your internal network.
To define the DNS Nameservers
- Connect to the USM Anywhere Sensor console.
- Navigate to Network Configuration > Configure DNS.
Enter the primary DNS and press Enter (<OK>).
A confirmation screen appears to apply changes.
- Select Yes.
Optionally, you can provide the secondary DNS and press Enter (<OK>).
When the confirmation screen appears to apply changes, select Yes.
USM Anywhere is hosted as a cloud service with an IP address that is not statically assigned and may change periodically. For this reason, you must set up a firewall rule that uses the DNS of the cloud service to allow incoming / outgoing traffic between the USM Sensor and the cloud service.
In this example, the DNS for the USM Anywhere instance is displayed within the green box.
You can verify your network settings in the USM Anywhere Sensor Setup wizard or through the sensor console.
Sensor Configuration Tools
To verify the network settings in the USM Anywhere web UI
Select DATA SOURCES > SENSORS and click the sensor name.
At the bottom of the sensor page, click the NETWORK IDS tab, where you can view the traffic in your network over various interfaces.
On this tab, you can also configure a new interface or you can configure port mirroring. See Device Port Mirroring Configuration for more information.
To verify the network settings in the USM Anywhere Sensor console
- Connect to the sensor console.
- Navigate to the option Network Configuration > View Network Configuration.