Internet Scanner and Fusion both do licensing based on individual IP's processed. Therefore, it's necessary to be very careful about DHCP clients. If a machine using DHCP uses one IP address one day, and a different address a different day, it will decrement the license of both Internet Scanner and Fusion twice (assuming the DHCP machine is scanned with Internet Scanner and traffic to the machine is processed by Fusion during both of these days). However, just like with Internet scanner, it should be the case that you can specify the entire DHCP address range in the policy for Fusion and only have license counts decrement when traffic to a new DHCP machine is processed. For example, if you have 500 addresses in your DHCP pool, but only the first 125 are used (and your DHCP server is intelligent about re-using relinquished leases) then both Internet Scanner and Fusion should only decrement their license counts by 125 - regardless of how many times you scan the entire DHCP pool or how often Fusion processes traffic to one of these 125 DHCP clients. Furthermore, it is my understanding that if Fusion sees traffic to a node that it doesn't have Internet Scanner vulnerability information for, it doesn't have any processing to do and Fusion's license count doesn't decrement (even if the node's IP address is configured in the Fusion license). This is what I've been lead to believe by ISS, and it seems to be consistent with the use of licenses that I see for Internet Scanner and Fusion from Tools/Manage Sensor Licenses in Site Protector. Can anyone else confirm that this is accurate?
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sergey V Soldatov Sent: Friday, September 17, 2004 2:44 AM To: [EMAIL PROTECTED] Subject: [ISSForum] SFM and hosts to be scanned by IS For fusion module (SFM) to be working well it's needed that all hosts that has been scanned by Internet scanner (IS) were added to Licensing section of SFM policy. When I scan hosts I use diapason i.e. x.x.x.1-x.x.x.254 and, of course, not all host from such diapason are reachable, so in details of completed scans I can see, for example: Total Targets to be Scanned: 500 Total Hosts Scanned: 125 Total Hosts Skipped: 376 That means that only 125 hosts use my IS license, not all 500. The question is how I can get the IPs of that 125 hosts so, that they were matched in SFM policy? How can I keep IPs that have been successfully scanned and SFM policy in sync? Of course, that problem can be solved in case of static IPs, but when IPs are gathered dynamically I can't be sure if either IP have to be added to SFM license or not. Any ideas will be welcome. --- Best regards, Sergey V. Soldatov. Information security department. tel/fax +7 095 745 89 50 (2663) _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
