Devices with Overlapping IP Addresses
Table of Contents
Expand all | Collapse all
-
- Firewall and PAN-OS Support of IoT Security
- IoT Security Prerequisites
- Onboard IoT Security
- Onboard IoT Security on VM-Series with Software NGFW Credits
-
- DHCP Data Collection by Traffic Type
- Firewall Deployment Options for IoT Security
- Configure a Pre-PAN-OS 10.0 Firewall with a DHCP Server
- Configure a Pre-PAN-OS 10.0 Firewall for a Local DHCP Server
- Use a Tap Interface for DHCP Visibility
- Use a Virtual Wire Interface for DHCP Visibility
- Use SNMP Network Discovery to Learn about Devices from Switches
- Use Network Discovery Polling to Discover Devices
- Use ERSPAN to Send Mirrored Traffic through GRE Tunnels
- Use DHCP Server Logs to Increase Device Visibility
- Plan for Scaling when Your Firewall Serves DHCP
- Prepare Your Firewall for IoT Security
- Configure Policies for Log Forwarding
- Control Allowed Traffic for Onboarding Devices
- Support Isolated Network Segments
- IoT Security Integration with Prisma Access
- IoT Security Licenses
- Offboard IoT Security Subscriptions
-
- Introduction to IoT Security
- IoT Security Integration with Next-generation Firewalls
- IoT Security Portal
- Vertical-themed Portals
- Device-to-Site Mapping
- Sites and Site Groups
- Networks
- Network Segments Configuration
- Reports
- IoT Security Integration Status with Firewalls
- IoT Security Integration Status with Prisma Access
- Data Quality Diagnostics
- Authorize On-demand PCAP
- IoT Security Integrations with Third-party Products
- IoT Security and FedRAMP
Devices with Overlapping IP Addresses
IoT Security uses network segments to detect and learn about devices that share an
overlapping IP address.
Overlapping IP addresses, also known as shared IP blocks, occur when an IP CIDR block is
reused across different networks. In industries where each site operates independently,
such as retail or manufacturing plants, a shared IP block can exist at multiple sites.
Other common use cases for overlapping IP addresses include guest networks, or local
resources that don't need enterprise-wide access. In these scenarios, devices using
shared IP blocks don't communicate with other devices using the same shared IP block.
IoT Security uses network segments to identify when there are overlapping IP
addresses because multiple networks are using a shared IP block. A network segment is an
association of one or more firewalls that is assigned to a site. Each firewall can only
be assigned to one network segment, and each network segment can only be assigned to one
site. This helps IoT Security distinguish devices with overlapping IP addresses,
based on what firewall and IP address the traffic is coming from.
Because IoT Security relies on a combination of both network segment and IP
address block assignments to a site, you must use
IP address-based site assignment
to support device identification when there are overlapping IP addresses.
Deployments that use firewall-based site assignment cannot use network segments.
Using a combination of IP address and network segment, IoT Security identifies
distinct devices within overlapping IP blocks that different firewalls observe and
creates more accurate IP address-to-MAC address bindings. THis improves the
completeness of the asset inventory by accurately representing the unique devices, their
attributes, and behaviors within each shared IP block. Additionally, by matching traffic
from overlapping IP addresses to the correct devices, IoT Security creates a more
accurate behavior baseline for both devices and profiles. In turn, an accurate behavior
baseline provides higher confidence in risk assessments and policy recommendations,
while reducing false positives due to inaccurate anomaly detections.
To support identification of devices in a network with shared IP block groups, add and
manage network segment configurations.