Views:

Enable TippingPoint Network Sensor to provide greater detection capability and visibility into your network environment.

Enabling the Network Sensor on your TippingPoint TXE-Series Threat Protection System (TPS) provides greater visibility into your network environment and enables greater sharing of network telemetry with Trend Vision One detection and response apps such as Workbench and Send to Sandbox.
If your TPS device is configured in a stack, make sure you enable TippingPoint Network Sensor on each device in the stack. After enabling TippingPoint Network Sensor on a stacked device, you must reboot the device before sequentially enabling the service on the next device in the stack. Allow each device to finish the boot sequence completely—ensuring that the SMS no longer displays the Not Communicating status for the managed TPS device—before rebooting the next device. After each reboot, wait for the SMS client to display a Ready to Inspect status (RTI – Normal). Refresh the Trend Vision One display to ensure that the TippingPoint Network Sensor has been enabled and that it no longer instructs you to reboot the device. Learn more about configuring a TPS stack in the Trend Micro™ TippingPoint™ TPS Stacking User Guide.
Note
Note
When you enable TippingPoint Network Sensor in conjunction with Send to Sandbox, files are sent for analysis in addition to URLs. The combined services require an additional 2,000 credits per 500 Mbps of bandwidth. When you use this combination of services in a TPS stack, you must enable both services on each device in the stack. Reboot each enabled device sequentially before enabling the services on the next device in the stack.
TippingPoint Network Sensor has the following system requirements:
  • Network Security only supports Network Sensor on TippingPoint TXE-Series TPS devices, including 9200 TXE and 8600 TXE devices.
  • IPv6 device management for TippingPoint Network Sensor is not supported. From the SMS client, select DevicesAll Devices, and then click Device Configuration for your device. Select Management Information and make sure that Use IPv6 address to manage this device is not selected.
  • TippingPoint Network Sensor uses 50GB of user disk space on the TPS device.
  • You must reboot the TPS device after TippingPoint Network Sensor is installed. This reboot does not cause any downtime for the device.
  • Enabling TippingPoint Network Sensor reduces the bandwidth capacity of TippingPoint devices as follows:
    • 8600 TXE devices reduced from 40 Gbps to 20 Gbps
    • 9200 TXE devices reduced from 100 Gbps to 60 Gbps
    • TippingPoint Network Sensor max capacity is 10 Gbps
  • TippingPoint Network Sensor requires configuring additional ports and firewall exceptions. For more information, see Ports and URLs used by TippingPoint.
Follow the steps below to enable TippingPoint Network Sensor on your TippingPoint TXE-Series TPS devices.

Procedure

  1. On the Trend Vision One console, go to Network SecurityNetwork InventoryTippingPoint.
  2. Locate the TippingPoint TXE device you want to use with TippingPoint Network Sensor and click the toggle to enable the feature.
    A confirmation window appears. If internet or firewall issues prevent your TippingPoint device from accessing required domains, continue to step 3 to configure a proxy server so that Trend Vision One can continue to receive network telemetry from your device. Otherwise, skip to step 4.
    Note
    Note
    The option to configure a proxy is available only when you enable TippingPoint Network Sensor.
  3. Click Configure to configure a proxy.
    1. Specify an address for your HTTP proxy. HTTPS and SOCKS proxies are not supported.
      You can enter an IPv4 address or, if your TPS device has a DNS server configured for resolving domain names, an FQDN.
    2. Specify the port number of your proxy server (1 – 65535).
    3. If your proxy requires authentication, select the Require authentication credentials checkbox and enter a username (required) and password (optional).
    4. Click Save.
  4. Click Enable to install TippingPoint Network Sensor on the TippingPoint device.
    Note
    Note
    The Network Administrator must reboot the device from the SMS console. This reboot does not cause any downtime for the device.
  5. Click the management console link to access the TippingPoint SMS console that is managing the TippingPoint TXE device you want to use.
  6. From the SMS console, navigate to DevicesAll Devices and click on the TXE device where you enabled TippingPoint Network Sensor to reboot the device.
  7. After the device completes its reboot, refresh the Network Inventory page on the Trend Vision One console to view the updated device status.