
Network Probe Installation

SenseOn primarily collects its network telemetry from its endpoint sensor. The majority of SenseOn customers do not use network probes, as they are generally only used to provide coverage for Operational Technology (OT) or legacy systems within a Data Centre.

Should a probe be required, this guide details the requirements that must be met to install a SenseOn physical network probe within your network infrastructure. These probes capture network metadata for connections to and from endpoint devices that cannot host the SenseOn Universal Sensor. They do so by performing Deep Packet Inspection on traffic that is TAPped or mirrored to the probe's capture interface.

For endpoint devices hosting the Universal Sensor, network metadata is captured using Deep Packet Inspection on the endpoint itself, which additionally allows this activity to be attributed to the user identity and process managing the interactions. Activity captured in this way is not duplicated by any hardware probes that may be deployed.

Technical Architecture

SenseOn network probes communicate with the central analytic appliance via a secure connection on port 1194, as shown in the figure below.

Architecture of SenseOn network probes

Firewall Requirements

A network probe’s primary IP must be permitted to connect outbound to the SenseOn master appliance on port 1194/tcp. The same IP should be made accessible on port 22/tcp (ssh) from a privileged access workstation or management jumpbox (i.e., it should be accessible to your systems administrators in case troubleshooting is required, but should not be accessible to the entire network). SSH access is not a requirement but is recommended if troubleshooting needs to be done and access to the virtual console is either not possible or not desirable.
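The requirements above can be checked against an exported rule list before the probe arrives. The following is an added example, not SenseOn code: the `Rule` shape, the default-deny assumption, and every address in it (probe, appliance, admin subnet) are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """One allow rule; anything not matched is assumed denied."""
    src: str          # source CIDR
    dst: str          # destination CIDR
    port: int         # destination port
    proto: str = "tcp"

def _net(cidr):
    return ipaddress.ip_network(cidr, strict=False)

def _allows(rule, dst_ip, port):
    """True if the rule permits TCP traffic to dst_ip on the given port."""
    return (rule.proto == "tcp" and rule.port == port
            and ipaddress.ip_address(dst_ip) in _net(rule.dst))

def audit_probe_rules(rules, probe_ip, appliance_ip, admin_nets):
    """Return findings against the probe's firewall requirements ([] = compliant)."""
    findings = []
    probe = ipaddress.ip_address(probe_ip)
    admin = [_net(n) for n in admin_nets]
    # Required: probe primary IP -> master appliance on 1194/tcp.
    if not any(_allows(r, appliance_ip, 1194) and probe in _net(r.src) for r in rules):
        findings.append("MISSING: probe -> appliance 1194/tcp")
    # Optional but recommended: SSH to the probe, from admin sources only.
    for r in rules:
        if _allows(r, probe_ip, 22) and not any(_net(r.src).subnet_of(a) for a in admin):
            findings.append(f"TOO BROAD: 22/tcp to probe allowed from {r.src}")
    return findings

# Constructed sample values (not from the SenseOn documentation).
PROBE, APPLIANCE, ADMIN = "10.50.0.20", "203.0.113.10", ["10.9.0.0/28"]
GOOD = [Rule("10.50.0.20/32", "203.0.113.10/32", 1194),
        Rule("10.9.0.5/32", "10.50.0.20/32", 22)]
WEAK = [Rule("10.0.0.0/8", "10.50.0.0/24", 22)]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_probe_rules(rules, PROBE, APPLIANCE, ADMIN))
```

An absent SSH rule is not reported, since SSH access is recommended rather than required.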

Physical Probes

SenseOn Required Information for a Physical Probe

SenseOn probes are delivered pre-configured to run in your environment. They are shipped with three network interfaces: one management interface and two capture interfaces. One or both of the capture interfaces should be connected to a network TAP or mirror port so that the probe can perform its deep packet inspection of the network traffic of interest. The management port must be connected to a management network and able to communicate with the SenseOn cloud analysis appliance endpoint on port 1194.

To configure and ship the probe, SenseOn requires the following information. Please collate it and pass it to your SenseOn representative:

  1. Physical Network Interfacing
    • Management Interfaces
      • Remote switch vendor model
      • If copper:
      • Interface type (RJ45/DAC/?)
      • If fibre optic:
      • Wavelength (860nm/1310nm/?)
      • Speed (1G/10G/?)
      • Fibre Type (OM1/OM2/OM3/OM4/OM5)
      • Duplex (Full/Half)
    • Capture Interfaces
      • Remote switch vendor model
      • If copper:
      • Interface type (RJ45/DAC/?)
      • If fibre optic:
      • Wavelength (860nm/1310nm/?)
      • Speed (1G/10G/?)
      • Fibre Type (OM1/OM2/OM3/OM4/OM5)
      • Duplex (Full/Half)

  2. Management Interface Details
    • Allocated IP Address
    • Netmask
    • Gateway Address
    • Public IP address of the probe (for SenseOn to allow list)

  3. Shipping Details
    • Contact Name
    • Contact Number
    • Address

Probe Installation

Once delivered, the appliance will need unpacking, racking, and cabling. The ports on the appliance are configured according to the network requirements provided.

Ports on SenseOn network probe

Diagram Rear Elevation

The connections indicated on the diagram are:

  • A. Power Supply. Both of these must be connected.
  • B. Management interface. These will have already been configured with the IP configuration provided.
  • C. Capture interfaces, which should be connected to the span/tap ports on the network switch.

Any port marked in the diagram with a circle with a line through it will not be in use or configured.

  1. Unpack the Appliance. Unpack the appliance, keeping all shipping materials in case they are later required. Your SenseOn Probe Appliance ships with a rack-mounting rail kit for installation in a 19” rack (standards ANSI/EIA 310-D-92, IEC 297 or DIN 41494).

  2. Power Connectivity. Your SenseOn Probe is equipped with a redundant power supply, which consists of two hot-swappable PSU components. For hot-swapping to occur, each of the two power supplies must be powered with its own cord. Note: both PSUs should be connected to a power supply.

  3. Connect Network Cables. The SenseOn Probe appliance requires one connected interface for administrative purposes, and one or more interfaces to capture traffic.
    • Connect your management cable to port B.
    • Connect the capture cable from your switches to ports C.
    • If you only have 1 capture interface, please plug this into port C1.

  4. Power On the Appliance. The appliance may be powered on with the power button at the right-hand side of the front of the appliance. This button is next to the power symbol ⏻, and will be illuminated in green when power is connected to the appliance.

Front of SenseOn network probe

  5. Confirm Connectivity. Once it has been connected and powered on, please contact either your Customer Success Manager or the SenseOn SOC via email or live chat so that connectivity can be confirmed. NB: The management interface will be password protected.

Virtual Probes

A virtual probe may be requested from SenseOn through your Customer Success Manager, or by contacting our 24/7 support team.

The probe will be built with the network connection settings you specify and will be provided as an Open Virtual Appliance (OVA) file.

When requesting a virtual probe, SenseOn will need the following details for the build:

  1. The IP address which the device will be using on your network. This should be an internal address on your network, to which you can ssh, and from which the appliance may communicate outbound to the SenseOn SaaS appliance (see firewall requirements above).
  2. The subnet mask and default gateway for this interface.
  3. The external IP address(es) from which traffic from the probe will egress (likely a public IPv4 address on the edge firewall of your network).
  4. The location to which the probe is to be deployed (e.g., “Data Centre 01 in Sandford”, or “The Swan Hotel”).
  5. The virtualization platform and version to which the probe is to be deployed.
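Because the probe is built or shipped with the addressing you supply (the Management Interface Details for a physical probe, items 1 to 3 above for a virtual one), it is worth checking those values for consistency before sending them. The following is an added example, not SenseOn tooling: it assumes IPv4, treats the RFC 1918 ranges as "internal", and uses constructed sample addresses.

```python
import ipaddress

# RFC 1918 ranges, treated here as "internal" (an assumption of this example).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _internal(addr):
    return any(addr in n for n in RFC1918)

def check_probe_details(ip, netmask, gateway, egress_ips):
    """Return problems with the requested addressing ([] = consistent)."""
    try:
        iface = ipaddress.IPv4Interface(f"{ip}/{netmask}")
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:
        return [f"unparseable value: {exc}"]
    problems = []
    net = iface.network
    if not _internal(iface.ip):
        problems.append(f"probe IP {iface.ip} is not an internal address")
    # Network and broadcast addresses are not usable host addresses.
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"probe IP {iface.ip} is the network or broadcast address of {net}")
    if gw not in net:
        problems.append(f"gateway {gw} is outside the probe subnet {net}")
    elif gw == iface.ip:
        problems.append("gateway and probe IP are the same address")
    # The egress address is what gets allow-listed, so it must be the
    # address seen from outside, not an internal one.
    for raw in egress_ips:
        try:
            addr = ipaddress.IPv4Address(raw)
        except ValueError:
            problems.append(f"egress IP {raw!r} is not a valid IPv4 address")
            continue
        if _internal(addr) or addr.is_loopback or addr.is_link_local:
            problems.append(f"egress IP {addr} is not an external address")
    return problems

if __name__ == "__main__":
    # Constructed sample values.
    print(check_probe_details("10.50.0.20", "255.255.255.0", "10.50.0.1", ["203.0.113.7"]))
    print(check_probe_details("10.50.0.255", "255.255.255.0", "10.51.0.1", ["192.168.1.4"]))
```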