Deploying Network Agent > Network Agent location
|
Network Agent must be able to see all outgoing and incoming Internet traffic on the network segment that it is assigned to monitor.
A Network Agent instance can be placed in each internal network segment. Each instance should monitor its own segment without overlapping any other agent's segment.
u Connected to a switch.
Configure the device to use a mirror or span port, and connect Network Agent to this port, to allow the agent to see Internet requests from all monitored machines. (On most switches, you can change a port mode to spanning, mirroring, or monitoring mode. The term varies by manufacturer; the function is the same.)
Not all switches support port spanning or mirroring. Contact the switch vendor to verify that spanning or mirroring is available, and for configuration instructions.
It is a best practice to use a switch that supports bidirectional spanning. This allows Network Agent to use a single network interface card (NIC) to both monitor traffic and send block pages.If the switch does not support bidirectional spanning, the Network Agent machine must have at least 2 NICs: one for monitoring and one for blocking. See Network Agent and multiple NICs.
u On a dedicated machine, connected to an unmanaged, unswitched hub located between an external router and the network.To ensure that Network Agent is able to monitor the expected traffic, you must position the Network Agent machine appropriately and configure Network Agent settings in the TRITON - Web Security console. See the TRITON - Web Security Help for instructions.
Deploying Network Agent > Network Agent location
|