Network Agent and stealth mode NICs

Applies to:
  • Forcepoint Web Security, v8.5.x
  • Forcepoint URL Filtering, v8.5.x

Your web protection software can inspect all packets with a monitoring NIC (network interface card) that has been configured for stealth mode. A NIC in stealth mode has no IP address and cannot be used for communication. Security and network performance are improved with this configuration. Removing the IP address prevents connections to the NIC from outside resources and stops unwanted broadcasts.

If Network Agent is configured to use a stealth-mode NIC, the installation machine must have multiple NICs. If Network Agent is installed on a separate machine, a second, TCP/IP-capable interface (that is, one that is not in stealth mode) must be configured to communicate with other web protection components for policy enforcement and logging.

During installation, stealth-mode interfaces do not display as a choice for inter-component communication. Make sure you know the configuration of all the interfaces in the machine before attempting an installation.

Important: On Linux, stealth mode NICs appear together with TCP/IP-capable interfaces and must not be selected for communication.

Stealth mode for the Network Agent interface is supported on Windows and Linux.

Windows

Configure a NIC for stealth mode as follows.

  1. Go to Start > Settings > Network and Dial-up Connection to display a list of all the interfaces active in the machine.
  2. Select the interface you want to configure.
  3. Select File > Properties.

    A dialog box displays the NIC connection properties.

  4. Clear the Internet Protocol (TCP/IP) checkbox.
  5. Click OK.

Linux

To configure a NIC for stealth mode in Linux, disable the Address Resolution Protocol (ARP), which breaks the link between the IP address and the MAC address of the interface. Run the following commands, replacing <interface> with the NIC’s name, for example, eth0.

  • To configure a NIC for stealth mode, run this command:

    ifconfig <interface> -arp up

  • To return the NIC to normal mode, run this command:

    ifconfig <interface> arp up

Important: Network Agent can work with a stealth mode NIC only if the interface retains its old IP address in the Linux system configuration file, /etc/sysconfig/network-scripts/ifcfg-<adapter name>.
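
To confirm that a Linux monitoring NIC is actually in the state described above (up, ARP disabled, IP address still present in its ifcfg file), a check like the following can be run after configuration. This is an added example, not part of the product documentation; it assumes the kernel exposes interface flags in /sys/class/net/<interface>/flags (IFF_UP = 0x1, IFF_NOARP = 0x80) and that the retained address is stored as an IPADDR= line. The function name and the SYSFS_NET and IFCFG_DIR variables are hypothetical.

```bash
#!/bin/sh
# Added example: audit a monitoring NIC for stealth mode.
# Assumptions: flags are read from sysfs (IFF_UP = 0x1, IFF_NOARP = 0x80) and
# the retained address is an IPADDR= line in ifcfg-<interface>.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"
IFCFG_DIR="${IFCFG_DIR:-/etc/sysconfig/network-scripts}"

# check_stealth_nic <interface>
# Prints one finding per check. Returns 0 if the NIC is up with ARP disabled
# and its ifcfg file still holds an address, 1 if any check fails, and 2 if
# the interface does not exist.
check_stealth_nic() {
    _if="$1"
    _rc=0
    if [ ! -r "$SYSFS_NET/$_if/flags" ]; then
        echo "FAIL $_if: no such interface"
        return 2
    fi
    _flags=$(cat "$SYSFS_NET/$_if/flags")    # hex bitmask, for example 0x1083

    # ARP must be off, otherwise the NIC still answers address resolution.
    if [ $(( $_flags & 0x80 )) -ne 0 ]; then
        echo "OK   $_if: ARP disabled (NOARP flag set)"
    else
        echo "FAIL $_if: ARP still enabled; run: ifconfig $_if -arp up"
        _rc=1
    fi

    # The interface must be up so that it can still receive mirrored traffic.
    if [ $(( $_flags & 0x1 )) -ne 0 ]; then
        echo "OK   $_if: interface is up"
    else
        echo "FAIL $_if: interface is down"
        _rc=1
    fi

    # Network Agent needs the old IP address kept in the ifcfg file.
    if grep -Eq '^[[:space:]]*IPADDR[0-9]*=.+' "$IFCFG_DIR/ifcfg-$_if" 2>/dev/null; then
        echo "OK   $_if: ifcfg-$_if retains an IPADDR entry"
    else
        echo "FAIL $_if: no IPADDR entry in $IFCFG_DIR/ifcfg-$_if"
        _rc=1
    fi
    return $_rc
}

# Run against the interface named on the command line, if one was given.
if [ "$#" -ge 1 ]; then check_stealth_nic "$1"; fi
```

Because settings applied with ifconfig do not persist across a reboot, the check is worth repeating after a restart.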