Issue with RD Sensor.

[Sarvesh Singh 1]

One of our clients using VLan and connected with Point 2 Point connection over lease line. There are around 550 workstations & 30 VLans configured with different IP range such as 10.0.1.1, 10.0.2.1, 10.0.3.1 and so on.

They have installed ERAS 6.3 on 10.0.3 network and RD Sensor is able to detect workstations from the same IP range but not for other IP range.

Server is able to ping client workstation from different IP range and vice-versa

So kindly let me know if we can add IP range in the setting or anywhere in ERAS so that RD Sensor can detect other workstations too from different IP range.
 

[j-gray 35]

This is one of my biggest complaints with the RD sensor; it only works on the subnet where it's located. You would need to install an RD sensor on each unique subnet where you want to detect rogue systems.

[Sarvesh Singh 1]

So in this case I have to install Win Pcap and RD Sensor on 30 workstations and after taking the data from detectedMachines.log I have to upload same on the ERAS, am I right?

 

Also need suggestion from Moderator.

[MartinK 378]

Problem is that current implementation relies on ARP messages and therefore it's passive detection is limited to current subnet.

 

So in this case I have to install Win Pcap and RD Sensor on 30 workstations and after taking the data from detectedMachines.log I have to upload same on the ERAS, am I right?

 

Also need suggestion from Moderator.

 

Technically you have to install RDSensor (+AGENT) into each subnet. List of detected machines will be sent to ERA server automatically (through AGENT installed on the same machine as RDSensor) and merged on ERA server into one list as if detected by one sensor.

[Sarvesh Singh 1]

This is again the manual task to do installation on 30 systems of Agent, RD sensor as well as Win Pcap.

 

Which requires manual intervention and consumes lot of time. Version 6 is new but its totally different and tricky than version 5.

 

There should be any automated solution for this issue as available in version 5

Due to this lack of this feature, we have lost 550 user license PO.

Edited February 11, 2016 by Sarvesh Singh

[Sarvesh Singh 1]

can anyone answer?

[MichalJ 434]

Answer has been provided by MartinK already: As of now, RD sensor has to be installed in every subnet, to be able to detect computers.

Your requirement will be tracked as an improvement request.

[BDeep 7]

Answer has been provided by MartinK already: As of now, RD sensor has to be installed in every subnet, to be able to detect computers.

Your requirement will be tracked as an improvement request.

 

I'm seeing in 6.3 that I have to run the Rogue Detection report in order to get the client list. They are not automatically populating in the Rogue Computers group in the ERA console. Is this a bug (new thread) or intended results?

[MichalJ 434]

What is the "Rogue Computers Group" in ERA console? If you mean "lost and found" this was never the case.

You always need to import the outputs from the rogue detection sensor manually.

You can do this by either running the report, or by using the dashboard element "rogue computers ratio" => you click on the rogue ones, and drill down into the list. From there you can commence the import.

[BDeep 7]

What is the "Rogue Computers Group" in ERA console? If you mean "lost and found" this was never the case.

You always need to import the outputs from the rogue detection sensor manually.

You can do this by either running the report, or by using the dashboard element "rogue computers ratio" => you click on the rogue ones, and drill down into the list. From there you can commence the import.

 

I don't mean Lost and Found. The static group that was included in the deployment of ERA 6 virtual appliance that says "Rogue Computers".

For some reason I thought it pre-populated. It's been a little while since I messed with it. Manually running the report and importing from the generated report works fine.