thanks a lot for your reply, but the question was where i can get IPs that
counted as In use in License information's summary tab.
For example, now I have the following situation:
SFM License limit - 500, In Use - 1777
IS License limit - 500, In use - 258, but what that IPs are?
---
Best regards, Sergey V. Soldatov.
tel/fax +7 095 745 89 50 (2663)
Al Leach
[EMAIL PROTECTED] To: Sergey V Soldatov [EMAIL
PROTECTED],
[EMAIL PROTECTED]
17.09.2004 17:54 cc:
Subject: RE: [ISSForum] SFM and hosts
to be scanned by IS
Internet Scanner and Fusion both do licensing based on individual IP's
processed. Therefore, it's necessary to be very careful about DHCP
clients. If a machine using DHCP uses one IP address one day, and a
different address a different day, it will decrement the license of both
Internet Scanner and Fusion twice (assuming the DHCP machine is scanned
with Internet Scanner and traffic to the machine is processed by Fusion
during both of these days). However, just like with Internet scanner,
it should be the case that you can specify the entire DHCP address range
in the policy for Fusion and only have license counts decrement when
traffic to a new DHCP machine is processed. For example, if you have
500 addresses in your DHCP pool, but only the first 125 are used (and
your DHCP server is intelligent about re-using relinquished leases) then
both Internet Scanner and Fusion should only decrement their license
counts by 125 - regardless of how many times you scan the entire DHCP
pool or how often Fusion processes traffic to one of these 125 DHCP
clients. Furthermore, it is my understanding that if Fusion sees
traffic to a node that it doesn't have Internet Scanner vulnerability
information for, it doesn't have any processing to do and Fusion's
license count doesn't decrement (even if the node's IP address is
configured in the Fusion license). This is what I've been lead to
believe by ISS, and it seems to be consistent with the use of licenses
that I see for Internet Scanner and Fusion from Tools/Manage Sensor
Licenses in Site Protector. Can anyone else confirm that this is
accurate?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Sergey V Soldatov
Sent: Friday, September 17, 2004 2:44 AM
To: [EMAIL PROTECTED]
Subject: [ISSForum] SFM and hosts to be scanned by IS
For fusion module (SFM) to be working well it's needed that all hosts
that has been scanned by Internet scanner (IS) were added to Licensing
section of SFM policy. When I scan hosts I use diapason i.e.
x.x.x.1-x.x.x.254 and, of course, not all host from such diapason are
reachable, so in details of completed scans I can see, for example:
Total Targets to be Scanned: 500
Total Hosts Scanned: 125
Total Hosts Skipped: 376
That means that only 125 hosts use my IS license, not all 500.
The question is how I can get the IPs of that 125 hosts so, that
they
were matched in SFM policy? How can I keep IPs that have been
successfully scanned and SFM policy in sync?
Of course, that problem can be solved in case of static IPs, but
when
IPs are gathered dynamically I can't be sure if either IP have to be
added to SFM license or not.
Any ideas will be welcome.
---
Best regards, Sergey V. Soldatov.
Information security department.
tel/fax +7 095 745 89 50 (2663)
___
ISSForum mailing list
[EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]
The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
___
ISSForum mailing list
[EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]
The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303
Barfield Road, Atlanta, Georgia, USA 30328.
