Network Locations policy
Use the Network Locations policy to define the perspective (network location) of an agent and to define routes for those perspectives.
Note: The Network Locations policy does not automatically import the perspectives you set up in the Network Locations tab in the Proventia Manager (LMI). If you have defined perspectives in the Proventia Manager, you must redefine those perspectives for this policy in SiteProtector.
What is perspective?
A perspective is a name that represents the network location of one or more agents. You associate a perspective with a group to scan in the Scan Control policy. The agent(s) assigned to that perspective in the Networking policy run the scans.
Default perspective
The Network Locations policy contains a default perspective, Global, which you cannot delete. You can use the Global perspective without adding any additional perspectives, or you can use it along with
When to use additional perspectives
Perspective is most important when you have multiple scanners located at different locations on your network. To distinguish among them, you must use more than one perspective.
You can only assign one unique perspective per scanning port. You cannot assign the same perspective to more than one scanning port.
Perspective names
When you choose a perspective name, choose a name that represents the location on the network that the perspective references. Consider that, technically, a perspective represents a set of subnets from which you would expect the same results for scanning and monitoring your network regardless of where you connected your scanners within that set of subnets.
Scanning without full permissions
To perform any Enterprise Scanner scan with SiteProtector SP™ 6.1 or later, a user must have permission to view the Network Locations policy. This permission is granted for the predefined user groups that provide full Enterprise Scanner permissions. If you define users or user groups with restricted permissions, you must grant this permission explicitly. The way you grant permission is based on the inheritance behavior of your policy:
If you... | Then... |
|
|
Do not change the inheritance behavior of | You can define the permission once at the |
the policy | Site level. |
|
|
Change the inheritance behavior of the | You must grant the permission for the group |
policy | where you need the permission and for all |
| the groups above it in the hierarchy. |
|
|
