Hitachi

JP1 Version 12 JP1/IT Desktop Management 2 Overview and System Design Guide


2.8.6 Using network monitor settings to control network access

By enabling the network monitor on a computer, you can control whether the devices in the network segment where the computer is located are permitted to connect to the network. To control network access differently in different network segments, you need to assign network monitor settings to each network segment.

By creating several sets of network monitor settings and assigning them to the appropriate network segments, you can create a network environment in which, for example, network segments with more stringent security requirements do not permit network access by new devices while others do.

In a multi-server configuration, you can enable or disable network monitoring, or assign network monitor settings, only for computers in a network segment directly under each management server.

The following figure shows an overview of allocating network monitor settings.

[Figure]

You can vary how network access is controlled in each network segment by creating several sets of network monitor settings. You can create network monitor settings in the Network Access Control - Network Access Control Settings view of the Settings module.

After creating network monitor settings, you need to assign them to network segments. You can assign network monitor settings in the Network Access Control - Assign Network Access Control Settings view of the Settings module.

Important

If you have configured the system to automatically distribute the agent to devices discovered on the network, the agent program will be distributed to a discovered computer even if the computer is not permitted to access the network.

For this reason, depending on the network access control settings and the results of a security assessment, a situation might arise in which a computer that is not permitted network access is able to access the network.

Important

In a multi-server configuration, do not mix computers managed by different devices in a single network segment. Network monitor settings assigned by different managing devices might conflict, and you might not be able to control network connections properly.
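The check below is an added example, not part of the Hitachi guide or the product: it audits an inventory for network segments that contain computers managed by more than one managing server, the condition the note above warns against. The segment CIDRs, host names, server names, and record layout are constructed assumptions and do not represent a JP1 export format.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (not a JP1 export format): segment CIDRs and
# (hostname, IP address, managing server) records for managed computers.
SEGMENTS = ["10.1.0.0/24", "10.2.0.0/24", "10.3.0.0/24"]
INVENTORY = [
    ("pc-001", "10.1.0.11", "mgmt-tokyo"),
    ("pc-002", "10.1.0.12", "mgmt-tokyo"),
    ("pc-101", "10.2.0.21", "mgmt-tokyo"),
    ("pc-102", "10.2.0.22", "mgmt-osaka"),    # second manager in same segment
    ("pc-201", "10.3.0.31", "mgmt-osaka"),
    ("pc-900", "192.168.9.5", "mgmt-osaka"),  # outside every listed segment
]


def managers_by_segment(segments, inventory):
    """Map each segment to {managing server: [hostnames]}; hosts that fall in
    no listed segment are collected under the key None."""
    nets = [ipaddress.ip_network(s) for s in segments]
    result = defaultdict(lambda: defaultdict(list))
    for host, ip, manager in inventory:
        addr = ipaddress.ip_address(ip)
        seg = next((str(n) for n in nets if addr in n), None)
        result[seg][manager].append(host)
    return result


def mixed_segments(segments, inventory):
    """Return segments whose computers are managed by more than one server."""
    grouped = managers_by_segment(segments, inventory)
    return {
        seg: {m: sorted(h) for m, h in mgrs.items()}
        for seg, mgrs in grouped.items()
        if seg is not None and len(mgrs) > 1
    }


def unassigned_hosts(segments, inventory):
    """Return hosts that match no listed segment and so cannot be checked."""
    grouped = managers_by_segment(segments, inventory)
    return sorted(h for hosts in grouped.get(None, {}).values() for h in hosts)


if __name__ == "__main__":
    for seg, mgrs in mixed_segments(SEGMENTS, INVENTORY).items():
        print(f"CONFLICT RISK {seg}: {mgrs}")
    print("Not in any listed segment:", unassigned_hosts(SEGMENTS, INVENTORY))
```

Hosts reported as not in any listed segment need their segment definition added before the result can be treated as complete.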

Tip

You can detect networked devices regardless of whether Permit or Do not Permit is set in the network monitor settings. Devices detected by the network monitor are automatically subjected to network discovery. When the network monitor detects a device, any actions specified in the discovery conditions, such as automatically registering the device as a management target or automatically distributing the agent program, will take place. In this case, the device becomes a management target and uses one product license.

If you do not want to automatically register devices as management targets, clear the Auto-Manage Discovered Nodes and Auto-Install Agent check boxes in the discovery options, and manually register devices as management targets.