Configure Subnets and Organizations

Applies To: ThreatSync+ NDR

A subnet is a smaller network created by the division of a larger network into equal parts. On the Manage Subnets page, you configure subnets and ranges of IP addresses to label your internal networks and important systems to help ThreatSync+ NDR identify rogue devices.

Internal systems that are not part of a subnet or IP range are identified as members of an Untrusted Private group.

Screen shot of Manage Subnets page, ThreatSync+ NDR

On the Manage Subnets page, you also specify how much of your network traffic ThreatSync+ NDR monitors.

Specify Traffic Monitoring Behavior

You can specify subnets and IP address ranges to label internal networks and important systems and to limit how much traffic you want ThreatSync+ NDR to monitor. You can exclude a subnet or IP address range from network traffic monitoring.

WatchGuard recommends that you monitor all traffic.

Screen shot of Manage Subnets page, ThreatSync+ NDR, select monitoring behavior

To specify traffic monitoring behavior, from WatchGuard Cloud:

  1. Select Configure > ThreatSync+ NDR > Subnets and Organizations.
  2. Select one of the three options:
    • Monitor All Traffic — Monitors all traffic without restrictions. This includes all subnets and exceptions listed.
    • Monitor Only My Critical Systems — Monitors a core set of systems only, based on the subnets and IP addresses you include in the list.
    • Exclude Address Ranges from Monitoring — Monitors all traffic except for the subnets and IP address ranges you exclude in the list.

    For information about how to include or exclude an IP address range or subnet, go to Configure Subnets in ThreatSync+ NDR.

  3. Click Save.
    It can take up to five minutes for the settings to update.

Configure Subnets in ThreatSync+ NDR

Create a subnet and ranges of IP addresses to label internal networks and important systems.

To configure a subnet, from WatchGuard Cloud:

  1. Select Configure > ThreatSync+ NDR > Subnets and Organizations.
  2. Click New Subnet.
  3. In the Create a Subnet section, enter the CIDR subnet range (for example, 192.168.34.0/24) or the start and end of an IP address range (for example, 192.168.34.1 and 192.168.34.88).
    An end IP address is required when you do not enter a CIDR subnet range.

Screen shot of Manage Subnets page, ThreatSync+ NDR, Create a Subnet

  4. In the Organization text box, enter a name for the address range.
    The organization name shows in other summary and detail pages.
  5. From the Device Type drop-down list, select a default device type and icon to use in the user interface for this range (for example, a computer, server, or gateway).
  6. In the Organization Tags text box, enter a label to further describe the system in the address range.
    Organization tags are useful to group assets.
  7. If the addresses in this range are allocated by your DHCP servers, select the Managed by DHCP check box.
    This helps improve network analytics.
  8. Click Save.
    The new subnet or IP address range shows in the list. You can filter the list and export the list to a CSV file. To edit an existing IP address range or subnet, click next to the row you want to edit. Click to delete the IP address range or subnet.
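
The following Python sketch is an added example, not WatchGuard code. It models offline how the entries described above (a CIDR range, or a start and end IP address) label addresses, with unlisted internal addresses falling into the Untrusted Private group, and how the three monitoring options treat a listed range. The organization names, sample ranges, mode strings, and the use of Python's is_private as the test for "internal" are assumptions.

```python
import ipaddress

# Constructed sample entries in the two forms the Create a Subnet step accepts:
# a CIDR range, or a start and end IP address. Organization names are made up.
SUBNETS = [
    {"cidr": "192.168.34.0/24", "organization": "HQ Workstations"},
    {"start": "10.20.0.10", "end": "10.20.0.40", "organization": "Finance Servers"},
]

def to_networks(entry):
    """Normalize an entry to a list of ip_network objects; reject invalid input."""
    if entry.get("cidr"):
        # strict=True rejects a CIDR with host bits set, e.g. 192.168.34.5/24
        return [ipaddress.ip_network(entry["cidr"], strict=True)]
    if not entry.get("start") or not entry.get("end"):
        raise ValueError("an end IP address is required when no CIDR range is given")
    first = ipaddress.ip_address(entry["start"])
    last = ipaddress.ip_address(entry["end"])
    # summarize_address_range raises ValueError when last is below first
    return list(ipaddress.summarize_address_range(first, last))

def label(ip, subnets=SUBNETS):
    """Return the organization for an address, or the fallback group."""
    addr = ipaddress.ip_address(ip)
    for entry in subnets:
        if any(addr in net for net in to_networks(entry)):
            return entry["organization"]
    # Assumption: "internal" is approximated with is_private
    # (RFC 1918 and other non-global ranges).
    return "Untrusted Private" if addr.is_private else "External"

def is_monitored(ip, mode, listed):
    """Model the three monitoring options against an include/exclude list."""
    addr = ipaddress.ip_address(ip)
    in_list = any(addr in net for e in listed for net in to_networks(e))
    if mode == "all":            # Monitor All Traffic
        return True
    if mode == "critical_only":  # Monitor Only My Critical Systems
        return in_list
    if mode == "exclude":        # Exclude Address Ranges from Monitoring
        return not in_list
    raise ValueError(f"unknown mode: {mode}")
```

Run label() over an address inventory before you enter ranges in the UI to find internal hosts that would otherwise land in the Untrusted Private group.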

Related Topics

Configure ThreatSync+

ThreatSync+ NDR Best Practices