Device missing from network security map

Does anybody know the specifics of how NIS 2009 detects devices for the network security map? Is it via the ARP scan I see in a network trace?

The problem is that it is not seeing my server. It finds another PC and a printer on the same network just fine.

The server is running Debian GNU/Linux. The server firewall is open to the LAN, and I can ping it, connect via secure shell, web browser, etc. without issue.

I can manually add it to the "Trust Network", but it is disconcerting to have it consider it not part of the local network and also have it limit my security level options.

I looked through a couple dozen messages relating to the security map, but couldn't find anything relevant.

If someone has any ideas, or can point me more directly to an appropriate thread, I would appreciate it.

Thank you, but that doesn't seem to have helped.

I closed the network map. Then I purged the network map and the ARP cache. Then I reopened the network map. Although the server currently has the lowest IP on the LAN, I pinged it (successfully). Once again, everything but the server appeared on the map.

Everything is on the same class C network, and appropriately configured (e.g. mask-wise).

Four possibilities come to mind:

  1. Static ARP entries -- the server has been configured with arp=disabled and the Norton machine has a static (-s) entry for the server
  2. There are too many responses coming in simultaneously
  3. The server is slow to respond
  4. The server is also your Internet gateway

You'd probably know if the first item was happening.

From your description the second item probably isn't occurring. Our experiments have shown that you need about a dozen machines all responding simultaneously to make a random device intermittently not show up.

The third item may be the reason. The scan doesn't wait the 'customary' amount of time for a response because most people wouldn't want to wait that long for the results.

The fourth item may also be the reason; if you look at your network's details, it'll show the gateway address. My teams don't work on the user interface, but it appears that the user interface team chose not to show gateways in this list by default since blocking them could cause significant network connectivity issues.

Thank you, Reese.

You've solved the mystery. In this case, it's #4--the server is also the gateway. And apparently it identifies the gateway by MAC address (not just IP) as the server IP doesn't appear even if the gateway function is assigned to a different IP address on the same server/gateway network interface.

I would like to suggest, however, that it would be much better to include the gateway in the local network map. Connectivity issues could be handled by either restricting the settings choices or warning the user about changes (and perhaps offering a reset-to-defaults option). I suspect this would not be difficult to implement as a product improvement.

The current approach forces the user to manually add the gateway as a "non-local" device on the trust network in order to change trust settings. It's more work for the user to set up (creating more possible points of error and possibly points of insecurity), and now the full local network map is partly on the local network and partly on the trust network. It seems inaccurate and more complex than necessary.

Thanks bkatzung for your observations. I found the UI in this regard confusing as well and will pass your comments to the UI team.