1 Reply Latest reply on Dec 17, 2012 1:46 PM by MaxPat

    Problem with uncovered subnets

    billtangren

      I am new to this forum, and I hope this is the correct place to post this question. If it is not, please let me know. Also, I *think* I already posted this question to the wrong forum, so if you see it twice, my apologies.

       

      I am using ePO 4.5 with Rogue System Sensor software 4.5.0, and I have a problem (well, several problems really, but this one first). We have rogue sensors covering our private subnets at work, but when users VPN in from home, their private IP address space at home is being reported by rogue system sensors as uncovered subnets. I tested this by setting my home DHCP subnet to something odd, and then VPNing in and checking the ePO server. My subnet showed up almost right away.

       

      I tried editing the RSD policy, adding those subnets to the "Do not listen on interfaces whose IP addresses are included in the following networks" policy and pushing the policy to the RSDs, but it didn't work. I know that I can ignore the subnets, but my company policy is to not allow that. I also tried adding the subnet space for the IP that the VPN device provided to my laptop, but that didn't help.

       

      An example:

      Subnet at work: 10.10.0.0/16

      Subnet at home before VPNing: 192.168.100.0/24

      Subnet at home with VPN active: 10.10.10.5/32

       

      192.168.100.0/24 shows up as uncovered.

      The /32 does not, but policy is configured to not report self-configured subnets, so I wouldn't expect it to.

      10.10.0.0/16 is covered.

       

      Can someone please tell me how to make these uncovered subnets go away? Also, what exactly does the "Do not listen on interfaces whose IP addresses are included in the following networks" policy do, anyway?

       

      Thanks!