Network Discovery

These instructions will assist with properly setting up the Inspector for network auto-discovery..

👍

Quick Details

Recommended Agent: Self-Managed
Supported Agents: Self-Managed
Is Auto-Discovered By: Windows Server Inspector
Can Auto-Discover: Fortinet Fortigate Inspector, HP ProCurve Inspector, SonicWall Inspector, Synology NAS Inspector, WatchGuard Inspector
Parent/Child Type Inspector: No
Inspection via: CLI
Data Summary: Here

Overview

See it In Action

📘

Note

This is a cross-platform Inspector that does NOT require any dependencies to be installed on the system.

❗️

Subnet Limitation

The Network Discovery inspector can not scan a subnet larger than a /17 which totals 32,768 hosts.

If this functionality is desired, please share your feedback using the in-app feedback form found in the Support dropdown in your Liongard.

Understanding The Scan

This Inspector will do a full network scan which includes: discovering any devices connected on the network, discovering any of their available metadata, discovering local DHCP servers, discovering any DNS servers that are listed by the DHCP servers, finding rogue DHCP servers, finding open ports across the devices, and finally, perform SNMP sessions against network devices to further inspect system-level details. Even though the Inspector is designed to be massively concurrent, please be aware that doing massive scans may require some amount of time.

  • The first step in the scan is to do a ping scan across the subnet specified. The scan captures any hosts which are alive that provide ping responses.
  • The next step in the scan is to do a TCP scan across hosts found alive in Step #1. The Inspector scans the ports specified, each alive host, to find which ports are open and which are closed.
  • The final step in the scan is to do an SNMP scan for alive hosts that have Port 161 open. The Inspector currently only uses the community string "public" for these scans, and it only pulls the SysInfo subtree.

🚧

MAC Level Info from an External Subnet

Our Network Discovery Inspector cannot bring back MAC addresses or vendor information for devices outside of the Agent’s local subnet.

Liongard Inspector Setup

Setup via Auto-Discovery

Your first Network Discovery Inspector will likely be the one auto-discovered by the Windows Server Inspector installed on your On-premises Agent. Details for the Inspector setup are retrieved from the active NIC on the Windows server.

On the Network Discovery Inspector's first successful run, it will auto-discover network devices as detailed below.

❗️

Only 1 Discovered Inspector

Currently, the auto-discovery process only occurs for the first agent installed for that Environment. Afterwards, you may setup additional Network Discovery inspectors for that Environment but they will require the Individual Inspector Setup steps to be followed.

Individual Inspector Setup

In Liongard, navigate to Admin > Inspectors > Inspector Types > Navigate to the Network Discovery Inspector > Select Add System.

Fill in the following information:

  • Environment: Select the Environment this System Inspector should be associated to
  • Friendly Name: Suggested "Network Discovery [Environment Name]"
  • Agent: Select the On-premises Agent installed for this Environment
  • Version: Latest (Auto-Update)
  • Targets: A list of subnets to scan. This field will accept the following formats:
    • 192.168.1.1 (single address)
    • 192.168.1.1-192.168.1.255 (address range)
    • 192.168.1.1/24 (CIDR subnet mask notation)
    • 192.168.1.1/255.255.255.0 (full subnet mask)
    • If the field is left blank, the Inspector will automatically scan the subnet of the Agent using the same subnet mask as the Agent machine's network interface, using the subnet mask applied to the interface of the Agent machine.

📘

Target Subnets

In order for the Network Discovery Inspector to pull MAC Addresses and Vendor Information, the Target Subnet needs to be on the same subnet as the Agent selected.

  • Ports: List of ports you wish to scan. By default, if no ports are selected, then the port scan will be skipped. You may want to limit the number of ports you wish to scan to make the inspection more performant. Ports can be single values as well as ranges (e.g. 100-300)

Common Ports

Port #ProtocolApplication
20TCPFTP Data
21TCPFTP Control
22TCPSSH
23TCPTELNET
25TCPSMTP
53UDP, TCPDNS
67, 68UDPDHCP
80TCPHTTP
110TCPPOP3
443TCPSSL / HTTPS
3389TCPRDP
  • Disable External IP Scan: This will disable the External IP scan.
  • Enable SNMP: This will enable the use of SNMP collection
  • SNMP Port: Port the SNMP agent is running on
  • SNMP Version: SNNP Version the inspector should use
  • SNMP V2 Community String: Community String of the agent.

📘

Inspecting Multiple Community Strings

One Network Discovery Inspector can inspect one Community String.

If you would like to inspect multiple Community Strings, you will need to create an additional Inspector for each Community String you would like to inspect.

  • Scheduling: The Inspector will default to run once a day at the time the Inspector is set up. Here you can adjust the schedule

Select Save. The Inspector will now be triggered to run within the minute.

Optional: Turn on Flexible Asset/Configuration Auto-Updating

If you would like this Inspector's data to be sent to ConnectWise and/or IT Glue, turn on Flexible Assets/Configurations for this Inspector:

  • ConnectWise: Admin > Integrations > ConnectWise > Configuration Types > Confirm the "Configuration Auto-Updating" toggle is enabled
  • IT Glue: Admin > Integrations > IT Glue > Flexible Assets > Confirm the "Flexible Asset Auto-Updating" toggle is enabled

Roll out Inspectors at Mass via CSV Import

For more information, please visit our documentation.

To import Network Discovery Inspectors via CSV Import, navigate to Admin > Inspectors > Network Discovery > Select the down arrow icon in the top right-hand to Download CSV Import Template.

In the CSV Template, each row, starting on row three, will represent an Inspector. Fill in the following information for each Inspector you want to roll out:

  • Agent.Name: This column is case sensitive. Copy and paste the associated Agent name from the Admin > Agents screen
  • Inspector.Name: Enter "autodiscovery-inspector"
  • Environment.Name: This column is case sensitive. Copy and paste the associated Environment name from the Dashboard screen
  • Alias: Enter the Desired Friendly Name
  • Config.TARGETS[0]: Enter a subnet to scan by entering the four octets of an IP address. Examples:
    • 192.168.1.1/24 - Entering will scan the range of IP addresses
    • 192.168.1.1-192.168.1.254- Entering will scan the range of IP addresses
    • 192.168.1.1: Entering will scan the entered IP address

If left blank, the Inspector will automatically scan the entire subnet of the Agent entered in the Agent.Name column. If you would like to inspect a list of subnets, you will need to add a column to the left called "Config.TARGETS[1]", "Config.TARGETS[2]", etc., and in each column enter the additional subnet that you would like to inspect.

  • Config.PORTS[0]: By default, Liongard creates columns for ports 21, 22, 80, 161, and 443. Enter any additional ports you wish to scan. You may also choose to remove default columns. Ports can be single values as well as ranges (e.g. 100-300). You may want to limit the number of ports you wish to scan to make the inspection more performant. If you would like to inspect additional ports, you will need to add a column to the left called "Config.PORTS[5]", "Config.PORTS[6]", etc., and in each column enter the additional port that you would like to inspect
  • Config.EXTERNAL_SCAN_DISABLED: Enter "true" or "false" depending on if you wish to disable the external IP scan. An entry of true will disable the scan.
  • Config.SNMP_SCAN: Enter "true" or "false" depending on if you wish to perform SNMP scans for all open 161 ports across all hosts found
    • Please note this will only return results if you have port 161 (a default) in the port list above.
  • Config.SNMP_VERSIONS[0]: Enter v2c.
    • Liongard is working to support additional SNMP versions.
  • Config.SNMP_COMMUNITY_STRING: Enter the SNMP v2 community string. (Required only if scanning SNMP v2).
  • FreqType: Enter "days"
  • FreqInterval: Enter "1"

When ready to Import the CSV Template of Inspectors, navigate to Admin > Inspectors > Network Discovery > Select the up arrow icon in the top right-hand to Import CSV > Select your saved template.

After the successful import notification, reload your browser to find your imported Inspectors.

These Inspectors will automatically trigger themselves to run within a minute.

Auto-Discovery: Firewall/Network Inspectors

The Network Discovery Inspector can Auto-Discover Fortinet Fortigate, HP ProCurve, Sonicwall, Synology NAS, and WatchGuard devices.

To set up an auto-discovered Inspector, please see our documentation for that specific Inspector.

Inspector FAQs

Customizing the Inspector's Default Settings

The Network Discovery inspector's configuration template can be customized in order to provide specific default values when you create a new inspector. For example, if you want all new Network Discovery inspectors to scan port 3389 by default, the inspector allows you to specify that port number in one central location and ensures that it is added as a default port number on all new inspectors.

To use this feature, go to Admin > Inspectors > Network Discovery and click the Default Inspector Settings button. You can then change any default configuration value and click Save. If you want to discard these changes and return to the Liongard-provided default values, click the Reset To Default Values button.