I am new to EPO. I inherited this network about a month ago and I am totally lost in the EPO console. How do I get the RSS to read and detect properly? In the detected systems console, 2 subnets are "uncovered". In compliant, it only reads 2 systems managed (the rest are 0's). In the last column, 1 is passive, the rest 0. This is not the norm. With 70 or so stations/servers these numbers should read correctly. In the policy catalog, RSD is "none" on assignments (I know I have that wrong). I have checked YouTube videos and tried to read through the support site, but they are of little to no help or guidance.
To cover a subnet you need a computer with an IP address in that subnet with a sensor installed on it. Ideally this computer needs to be always on.
Possible thoughts for your covered/uncovered issue:
- A sensor being assigned an IP by DHCP in one subnet one day and the other subnet the next
- Maybe the sensor is installed on a laptop
- Maybe you have a single computer with two IPs, one in each subnet
- Maybe it's a subnetting issue on your sensor install
Are your missing subnets listed and active under 'Rogue System Sensor Status' in 'Detected Systems' in ePO?
Also your RSD policy only needs to be assigned to your 'My Organization' System tree so don't worry about that.
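The coverage rule and the checklist in the reply above can be run against a sensor inventory. This is an added example, not part of the thread and not McAfee code; the host names, the sensor addresses, the /24 prefix lengths and the `dhcp`/`always_on` fields are constructed assumptions, with only the two subnet ranges taken from the posts.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: the two subnets from the thread, assumed to be /24.
SUBNETS = ["192.168.0.0/24", "192.168.9.0/24"]
# Hypothetical sensor inventory, as you might export it by hand.
SENSORS = [
    {"host": "PC-A", "ip": "192.168.0.21", "dhcp": True, "always_on": False},
    {"host": "PC-B", "ip": "192.168.1.40", "dhcp": False, "always_on": True},
]

def coverage_report(subnets, sensors):
    """Return covered/uncovered subnets plus warnings for the checklist items."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    covered = defaultdict(list)      # network -> sensor hosts inside it
    host_nets = defaultdict(set)     # host -> networks it has addresses in
    warnings = []
    for s in sensors:
        ip = ipaddress.ip_address(s["ip"])
        match = next((n for n in nets if ip in n), None)
        if match is None:
            # Sensor address falls outside every listed subnet: wrong mask or range.
            warnings.append(f"{s['host']}: {ip} is in no listed subnet")
            continue
        covered[match].append(s["host"])
        host_nets[s["host"]].add(match)
        if s.get("dhcp"):
            warnings.append(f"{s['host']}: DHCP address, may move between subnets")
        if not s.get("always_on", True):
            warnings.append(f"{s['host']}: not always on, coverage will drop out")
    for host, seen in host_nets.items():
        if len(seen) > 1:
            warnings.append(f"{host}: addresses in {len(seen)} subnets (multi-homed)")
    return {
        "covered": {str(n): hosts for n, hosts in covered.items()},
        "uncovered": [str(n) for n in nets if n not in covered],
        "warnings": warnings,
    }

if __name__ == "__main__":
    report = coverage_report(SUBNETS, SENSORS)
    for key, value in report.items():
        print(key, value)
```
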
Well, to give you a little that may help. The EPO server has 2 addresses (192.168.0.8, 192.168.0.62), would that play in? As per the covered subnets section: I figured out if I go to policy catalog, and set the RSD, under interfaces I removed the check from "only listen on an interface..." and added my 2 subnets (192.68.0.x - in office, 192.168.9.x - remote office through VPN tunnel). The last tab, "detection", is a little confusing but I have set DHCP monitor to "enable". Should I force the disable and set "do not report systems..."?
Finally, back to the "detected systems", the sensor health has 1 - passive (was active yesterday).
ty for the reply.
The ePO server is not the scanner itself. The scanning is done by a separately installed piece of software (Deployed and managed by ePO).
What's not clear from your posts is whether you have a sensor deployed to the 192.168.9.x subnet.
I have 13 subnets, each one a separate node on a routed WAN. In each subnet I have one PC nominated as a sensor. Each one has had the sensor software installed, so I have 13 sensors. Each one scans its own subnet and reports any rogue devices back to my ePO server.
I don't use the subnet tab of the policy as each sensor just listens on its default interface/subnet. I also have the DHCP monitoring set to disabled.
It may be that I do not have the sensor properly installed (but then again, everything was in the green yesterday). I am not worried so much about the 9.x network (only 2 PCs) but the local 192.168.0.x is not working.