Trend Micro - Securing Your Journey to the Cloud Business
Support
Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Managing IP Correlation for Active Response on the SMS!

    • Updated:
    • 29 Dec 2017
    • Product/Version:
    • TippingPoint SMS All
    • TippingPoint Virtual SMS
    • Platform:
Summary

IP Correlation is the method by which the SMS looks up the IP addresses of hosts under inspection, learns the associated MAC address of an IP from a source, and then resolves which switch this MAC is connected to. The SMS can then engage switch actions to begin acting on hosts. This setup is required for SMS Active Response to work with non-IPS infrastructure equipment, such as switches and other network access points.

Configuring IP Correlation

The IP Correlation Network Mapping Table is used to create a static map of IP address to MAC address one entry at a time. Mapping of the end-station to its IP address is a requirement for the SMS Active Response application to properly control access on a host. When configured for IP Correlation, the SMS:

  • Watches events from an IPS
  • Finds the end-station responsible for those events
  • Uses the information to initiate a response
Details
Public

How To: Common Task

  1. Log in to the SMS from a client.
  2. On the SMS toolbar, navigate to the Responder > IP Correlation. The IP  Correlation screen displays.


How To: Add/Edit Network Mapping

  1. In the IP Correlation Network Mapping area, click New, or select an existing entry in the list and click Edit. The IP Correlation dialog displays.
  2. Specify the following information:
    • IP Address
    • MAC Address (in::::: format)
  3. Click OK to finish.


How To: Add/Edit Web Services

  1. In the IP Correlation Web Services area, click New or select an existing entry in the in the list and click Edit. The IP Correlation Web Services dialog displays.
  2. Specify the Web Services URL. If you are using basic authentication, enter the Username and Password.
  3. Click OK to finish.


How To: Control Web Service Precedence

  1. From the IP Correlation Web Services area, select the Web Service URL entry.
  2. Use the Up and Down arrow buttons to move the entry up or down in the list.


How To: Perform a Test of IP Correlation

  1. On the SMS toolbar, navigate to the Responder > IP Correlation. The IP Correlation screen displays.
  2. Click Test (located at the bottom of the screen). The IP Correlation Test dialog box opens.
  3. Select the appropriate Correlation Method (IPLOOKUP or MACLOOKUP)
  4. Enter an address for the type of method selected: IP or MAC.
  5. Click Query. The results of the query display in the results section.
  6. Click Close to close the dialog and return to the IP Correlation screen.




Reference: SMS User Guide

Premium
Test Now
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000098748
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.