- Connection to USM Anywhere
- Updates to the system
- Log collection within the monitored network
- scans
- discovery
- Inbound packets containing data sent from other hosts on that network
- Outbound connections made to perform
| Network Configuration Required | |
|---|---|
| Management Interface | Internet connectivity and IP address routed to provide the access to USM Anywhere. This IP address also allows connections to assets in a monitored network for log collection and asset scans. |
Network Monitoring Interface 1 | Interface connected to a mirrored port in the network switch 1. |
| Network Monitoring Interface 2 | Interface connected to a mirrored port in the network switch 2. |
| Network Monitoring Interface 3 | Interface connected to a mirrored port in the network switch 3. |
| Network Monitoring Interface 4 | Interface connected to a mirrored port in the network switch 4. |
Warning: The VMware Sensor and Hyper-V Sensor require all five network interface cards (NICs) to be enabled; otherwise, the USM Anywhere update will fail. The NICs can remain disconnected.You should only connect the other NICs to any additional network you want to monitor. Don’t connect the NICs to the same Switched Port Analyzer (SPAN) port because it’ll produce duplicate events in USM Anywhere.
Setting Up the Management Interface
Setting Up the Management Interface
By default, USM Anywhere has Dynamic Host Configuration Protocol (DHCP) and log collection enabled.To configure the management interface automatically using DHCPDuring the installation, your system sets an IP address assigned by a DHCP server. You can check the IP address afterwards:
- Connect to the USM Anywhere Sensor console.
- Go to Network Configuration > View Network Configuration.
- Connect to the USM Anywhere Sensor console.
- Go to Network Configuration > Configure Management Interface > Set a Static Management IP Address.
Note: The Configure Management Interface option is only available on VMware and Hyper-V Sensors.
- Enter the IP address.
- Press Enter.
Defining the DNS nameservers
Defining the DNS nameservers
The DNS nameserver is part of the DNS that maintains a directory of domain names and translates them to IP addresses.To define the DNS Nameservers
Important: If you specify two servers for DNS resolution, USM Anywhere determines their priority by their order. Configure your local DNS in the first position to have DNS name resolution in your internal network.
- Connect to the USM Anywhere Sensor console.
-
Go to Network Configuration > Configure DNS.
Note: The Configure DNS option is only available on VMware and Hyper-V Sensors.
- Enter the primary DNS, and then press Enter. A confirmation screen opens to apply changes.
- Select Yes.
- (Optional) You can provide the secondary DNS, and then press Enter. When the confirmation screen appears to apply changes, select Yes.
Creating a Firewall Rule for Communication Between USM Anywhere Sensor and Cloud Service
Creating a Firewall Rule for Communication Between USM Anywhere Sensor and Cloud Service
USM Anywhere is hosted as a cloud service with an IP address that is not statically assigned and may change periodically. For this reason, you must set up a firewall rule that uses the URL of the cloud service to allow incoming and outgoing traffic between the USM Anywhere Sensor and the cloud service.
Checking Your Settings
Checking Your Settings
You can verify your network settings in the USM Anywhere Sensor Setup wizard or through the sensor console.To verify the network settings in the USM Anywhere web user interface (UI)
-
Go to Data Sources > Sensors, and then click the USM Anywhere Sensor name.
At the bottom of the USM Anywhere Sensor page, click the Network IDS tab. Here you can view the traffic in your network over various interfaces.
You can configure a new interface as well as port mirroring here. See the following documentation for more information:Important: The interface will only show as receiving data if it is receiving more than 1000 packets over a 30-second period.
- Connect to the USM Anywhere Sensor console.
- Go to Network Configuration > View Network Configuration.