Specifying your internal networks and domains

Contents

Specifying your internal networks and domains

Specify the fully qualified domain name of the Engine and the address where the Engine can find the Portal.

Additionally, to help the Engine make the difference between network traffic inside your organization and network traffic destined to external entities, specify your internal networks and domains from the Web Console.

Specifying the DNS name of the Engine

To specify the fully qualified domain name (DNS name) of the Engine:

  1. Log in to the Web Console as admin.
  2. Click the Engine tab at the top right corner and select Parameters from the left-hand side menu.
  3. Type in the DNS name of the Engine in the entry Engine DNS name (e.g. myengine.example.com).
  4. Click Save to store your changes.

Connections to the Engine through the Web API use the configured DNS name of the Engine for communication. For the Web API to work, this value must be correctly set. If the Engine does not have a DNS name, type in its IP address instead.

The Updater also needs the DNS name of the Engine to be correctly set for retrieving new versions of the Collector when available.

Specifying the address of the Portal

The Engine needs to know where it can find the Portal in order to get licensing information and send real-time services data to it. To specify address of the Portal:

  1. Log in to the Web Console as admin.
  2. Click the Engine tab at the top right corner and select Parameters from the left-hand side menu.
  3. Type in the DNS name or IP address of the Portal in the entry Portal address.
  4. Click Save to store your changes.

Specifying the internal networks

To specify the subnetworks that the Engine must recognize as belonging to your organization:

  1. Log in to the Web Console as admin.
  2. Click the Engine tab at the top right corner of the page and select Internal networks & domains from the left-hand side menu.
  3. Click the plus button at the right of the table entitled Internal network configuration to add a new internal network to the table.
  4. For each one of your internal IP networks, specify:
    • The subnetwork base address in the column Network.
    • The subnetwork mask in the column Mask.
  5. Repeat the operation for as many internal networks as you need to specify.
  6. Optional: Click the button with an e inside at the right of the network entry in the table to edit its contents.
  7. Optional: Click the button with an x inside at the right of the network entry in the table to remove the entry.
  8. Click Save to make your changes permanent and restart the Engine (or wait until you have finished configuring your internal domains).

Specifying the internal domains

Specifying the internal domains is only useful if you have purchased the Web and Cloud module. You need to write down only those domains that are hosted in servers outside your internal networks, so they are still considered internal web traffic even though they can be managed by an external organization. Domains served from your internal network are naturally considered internal.

The Engine never compacts domains identified as internal and it never sends these domains to the Application Library for detecting threats, since they are trusted.

To specify your internal domains:

  1. Log in to the Web Console as admin.
  2. Click the Engine tab at the top right corner and select Internal networks & domains from the left-hand side menu.
  3. Write down the list of domains inside the text box under the title Engine internal domains at the bottom of the page. Use the wildcards ? and * to replace one or several characters of the domain name and separate each domain in the list by a space. For instance:
    *.example.com *.nexthink.com *.nexthink.ch
  4. Click Save to make your changes permanent and restart the Engine.