Devices with Static IP Addresses
Table of Contents
Expand all | Collapse all
-
- Firewall and PAN-OS Support of IoT Security
- IoT Security Prerequisites
- Onboard IoT Security
- Onboard IoT Security on VM-Series with Software NGFW Credits
-
- DHCP Data Collection by Traffic Type
- Firewall Deployment Options for IoT Security
- Configure a Pre-PAN-OS 10.0 Firewall with a DHCP Server
- Configure a Pre-PAN-OS 10.0 Firewall for a Local DHCP Server
- Use a Tap Interface for DHCP Visibility
- Use a Virtual Wire Interface for DHCP Visibility
- Use SNMP Network Discovery to Learn about Devices from Switches
- Use Network Discovery Polling to Discover Devices
- Use ERSPAN to Send Mirrored Traffic through GRE Tunnels
- Use DHCP Server Logs to Increase Device Visibility
- Plan for Scaling when Your Firewall Serves DHCP
- Prepare Your Firewall for IoT Security
- Configure Policies for Log Forwarding
- Control Allowed Traffic for Onboarding Devices
- Support Isolated Network Segments
- IoT Security Integration with Prisma Access
- IoT Security Licenses
- Offboard IoT Security Subscriptions
-
- Introduction to IoT Security
- IoT Security Integration with Next-generation Firewalls
- IoT Security Portal
- Vertical-themed Portals
- Device-to-Site Mapping
- Sites and Site Groups
- Networks
- Network Segments Configuration
- Reports
- IoT Security Integration Status with Firewalls
- IoT Security Integration Status with Prisma Access
- Data Quality Diagnostics
- Authorize On-demand PCAP
- IoT Security Integrations with Third-party Products
- IoT Security and FedRAMP
Devices with Static IP Addresses
IoT Security uses several methods to detect static IP
addresses.
While most network-connected devices receive their IP
addresses dynamically through DHCP, it’s common to reserve part
of the network address space for use as static IP addresses for
devices such as routers, printers, FTP servers, and DHCP servers.
Beyond this common practice, there are some industries and facilities
that use static IP addresses predominantly; for example, manufacturing,
utilities, oil and gas, warehouses, order fulfillment centers, and
processing and distribution centers. Because most automation and
control applications use the IP address directly in their programs,
it's important that robotic devices and controllers in assembly
lines and processing centers have static IP addresses, which is
why static addressing is so prevalent in these areas.
IoT Security can be deployed in networks where DHCP dynamically
assigns IP addresses to devices, where network administrators manually
configure devices with static IP addresses, and where there’s a
combination of both. IoT Security uses multiple techniques for detecting
and monitoring network activity and correlating it to individual
devices. By examining the DHCP traffic logs that firewalls provide,
it associates dynamically assigned IP addresses with device MAC
addresses and adds these devices to its inventory. By looking at
ARP logs, IoT Security also learns IP address-to-MAC address mappings
and adds devices with static IP addresses, which might not otherwise
be discovered through DHCP, to its inventory as well. However, by
the very nature of ARP broadcasts, this only works for devices within
the same Layer 2 broadcast domains as the reporting firewalls. For
devices with static IP addresses beyond Layer 2 boundaries, IoT Security uses machine learning to discover network activity patterns
indicating the likely presence of such devices. You also have the
option of manually providing IoT Security with static IP address assignments
through static IP device and subnet configurations.
Providing IoT Security with a static IP address configuration
by itself is not enough to add a device to the inventory. IoT Security
must also detect network traffic to or from a device with a configured
static IP address. Then it adds the device to its inventory.
Use one of the following methods to add static IP devices and
subnets to the IoT Security inventory:
- Upload a List of Static IP Devices
- Add a Static IP Device Configuration
- Upload a List of Subnets with Only Static IP Addresses
- Add a Subnet with Only Static IP Addresses
IoT Security then uses the IP addresses of these devices (rather
than their MAC addresses) to identify and track them.