Detecting a device’s platform2017-11-16T15:46:06+00:00
1.38K views
0
0 Comments

Dear all,

Good day,

 

  • As per the administrator guide, Genian NAC uses some protocols for detecting a device’s platform.

Is it possible that you show us the detection steps for below two examples:

Example(1) New windows machine connected to the network using DHCP, and wireless connection.

Example(2) IP-Phone with static IP.

  • We would like if you provide a brief overview of how are you relaying on below protocol for detecting the platform:
  1. HTTP / HTTPS header and body
  2. Web Browser User-Agent
  3. Open Port
  4. HPSLP
  • can we feed a mirrored traffic, or Netflow to the sensor
  • as per the admin guide, the product can shutdown the switch port based on SNMP, which is L1 action. Is the product able to apply actions on higher layers like (Assign the port to a different vlan, ACL, and TCP reset).

Tank you.

0
  • As per the administrator guide, Genian NAC uses some protocols for detecting a device’s platform.

Is it possible that you show us the detection steps for below two examples?

Example(1) New windows machine connected to the network using DHCP, and wireless connection:

Example(2) IP-Phone with static IP:

  • We would like if you provide a brief overview of how are you relaying on below protocol for detecting the platform:
    A. 
    1. Network Sensor scans network for any IP Enabled devices
    (*Wireless Adapter installed on Network Sensor to detect wireless devices)
    2. Network Sensor collects node information (https://www.genians.com/guide/v5/monitoring/network-nodes/understanding-platform-detection/)
    3. Policy Server then identifies device platform information
    4. The Policy Server Database is updated from Genians Update Server weekly or monthly

 

  • can we feed a mirrored traffic, or Netflow to the sensor
    A. It is not recommended but we can support a mirrored environment but requires two physical interfaces on the Network Sensor.
  • as per the admin guide, the product can shutdown the switch port based on SNMP, which is L1 action. Is the product able to apply actions on higher layers like (Assign the port to a different vlan, ACL, and TCP reset).
    A. No, we do not change the VLAN or ACL. We provide Layer 2 enforcement with ARP Poisoning and Layer 3 enforcement with mirror(SPAN) port using TCP reset.
edited answer