Devices with Static IP Addresses
Device Security uses several methods to detect static IP
addresses.
| Where Can I Use This? | What Do I Need? |
|---|
|
|
One of the following subscriptions:
Device Security subscription for an advanced
Device Security product (Enterprise,
OT, or Medical)
Device Security X subscription
|
While most network-connected devices receive their IP
addresses dynamically through DHCP, it’s common to reserve part
of the network address space for use as static IP addresses for
devices such as routers, printers, FTP servers, and DHCP servers.
Beyond this common practice, there are some industries and facilities
that use static IP addresses predominantly; for example, manufacturing,
utilities, oil and gas, warehouses, order fulfillment centers, and
processing and distribution centers. Because most automation and
control applications use the IP address directly in their programs,
it's important that robotic devices and controllers in assembly
lines and processing centers have static IP addresses, which is
why static addressing is so prevalent in these areas.
Device Security can be deployed in networks where DHCP dynamically
assigns IP addresses to devices, where network administrators manually
configure devices with static IP addresses, and where there’s a
combination of both. Device Security uses multiple techniques for detecting
and monitoring network activity and correlating it to individual
devices. By examining the DHCP traffic logs that firewalls provide,
it associates dynamically assigned IP addresses with device MAC
addresses and adds these devices to its inventory. By looking at
ARP logs, Device Security also learns IP address-to-MAC address mappings
and adds devices with static IP addresses, which might not otherwise
be discovered through DHCP, to its inventory as well. However, by
the very nature of ARP broadcasts, this only works for devices within
the same Layer 2 broadcast domains as the reporting firewalls. For
devices with static IP addresses beyond Layer 2 boundaries, Device Security uses machine learning to discover network activity patterns
indicating the likely presence of such devices. You also have the
option of manually providing Device Security with static IP address assignments
through static IP device and subnet configurations.
Providing Device Security with a static IP address configuration
by itself is not enough to add a device to the inventory. Device Security
must also detect network traffic to or from a device with a configured
static IP address. Then it adds the device to its inventory.
Use one of the following methods to add static IP devices and
subnets to the Device Security inventory:
Device Security then uses the IP addresses of these devices (rather
than their MAC addresses) to identify and track them.
