Internal documentation only

This page has been marked as draft.

Allow netprobe to ignore traffic from unknown source or only allow traffic from the gateway

  1. You can configure the following variables:

    netprobe-variables.html

Note that this is configured on the Netprobe:

For gateway hosts, it depends on what netprobe you’re running.

In order to provide an extra level of security, it is possible to configure a Netprobe to only accept connections from a nominated ‘trusted’ list of Gateway hosts. This is done by setting the TRUSTED_GATEWAY_HOSTS variable, either as an environment variable on UNIX or in the registry on Windows (see Setting Variables for Netprobe on Windows Platforms).

The variable should be set to the names of the trusted hosts, separated by commas. TRUSTED_GATEWAY_HOSTS may contain a host alias as defined in the /etc/hosts file. If TRUSTED_GATEWAY_HOSTS is set to “+”, then any Gateway is trusted – this is equivalent to not setting the TRUSTED_GATEWAY_HOSTS variable.

Non-trusted hosts attempting to connect will cause a warning message to be logged on the Netprobe and to all connected Gateway and ActiveConsole Event Tickers. For security reasons the TRUSTED_GATEWAY_HOSTS setting can only be set as a variable on the machine running the Netprobe – it is not possible to set it as part of the probe configuration on the Gateway.

A similar setting, TRUSTED_GATEWAY_NAMES, can be configured to restrict Gateways connecting to the Netprobe in the same manner as TRUSTED_GATEWAY_HOSTS above. This setting checks the Gateway name rather than the host.
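An added example (not from the ITRS documentation): a shell function that audits a TRUSTED_GATEWAY_HOSTS value on a UNIX Netprobe host before the probe is started, flagging the unset and “+” cases that trust any Gateway. The function name, the output labels and the treatment of spaces or a “+” inside a list are assumptions; the page does not say how the Netprobe parses those.

```shell
#!/bin/sh
# Added example: audit a TRUSTED_GATEWAY_HOSTS value on a UNIX Netprobe host.
# Usage: audit_trusted_gateways "$TRUSTED_GATEWAY_HOSTS" [hosts_file]
# Prints one finding per line. Return status:
#   0 = restricted, well-formed list
#   1 = any Gateway is trusted (variable unset/empty, or "+")
#   2 = list contains entries that need fixing
audit_trusted_gateways() {
    value=$1
    hosts_file=${2:-/etc/hosts}

    # Per the text above, "+" is equivalent to not setting the variable.
    if [ -z "$value" ]; then echo "OPEN unset"; return 1; fi
    if [ "$value" = "+" ]; then echo "OPEN wildcard"; return 1; fi

    rc=0
    rest="$value,"          # trailing comma so the last field is also consumed
    while [ -n "$rest" ]; do
        entry=${rest%%,*}   # text up to the first comma
        rest=${rest#*,}     # remainder after that comma
        case $entry in
            "")    echo "BAD empty-entry"; rc=2; continue ;;
            *" "*) echo "BAD whitespace '$entry'"; rc=2; continue ;;
            "+")   echo "BAD plus-in-list"; rc=2; continue ;;
        esac
        # Assumption: only the hosts file is consulted here, so a name that
        # resolves through DNS alone is reported as WARN, not as an error.
        if sed 's/#.*//' "$hosts_file" | awk -v h="$entry" '
               { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
               END { exit !found }'
        then
            echo "OK $entry"
        else
            echo "WARN not-in-hosts-file $entry"
        fi
    done
    return $rc
}
```

Run it in the same environment that launches the Netprobe, since the variable can only be set on the machine running the probe.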

In case you’re using a Windows Netprobe, the following may help:

For Windows platforms, the Netprobe does not read the above variables from the environment variables. Instead, these values need to be set in the registry. The Windows Netprobe Installer will have created a set of registry keys under HKEY_LOCAL_MACHINE\SOFTWARE\NetAgent\NetprobeNT (if a non-default service name was specified when the Netprobe was installed, that name will replace “NetprobeNT” in this key name). Use the utility regedt32.exe on the Windows platform (supplied as part of the operating system) to edit the values or add new name-value pairs in this set of registry keys.

Alternatively, it is possible to get or set Netprobe registry keys using the utilities na_getenv.exe and na_setenv.exe, which are installed as part of the Windows Netprobe package. (NetProbe User Guide / August 2014, Page 17 of 41)

na_getenv.exe: Extracts the value of a Netprobe registry key. Example: using a default Netprobe installation (i.e. where the service name is “NetprobeNT”), the command

    na_getenv.exe NetprobeNT NET_PORT

will return the default port value of 7036.

na_setenv.exe: Sets the value of a Netprobe registry key. Example: again using a default Netprobe installation, the command

    na_setenv.exe NetprobeNT NET_PORT 12345

will change the listen port for the service NetprobeNT to port 12345.

restrict-gateway-hosts.html
