Service Manager
Using Netscan
Netscan discovers machines on the network and is bundled and installed only with the Gateway Data Center edition. Netscan discover routers and switches on an ethernet network.
Only Administrators, Discovery Managers, and Discovery Analysts have access to these workspaces.
When you install a gateway, you must provide administrator account credentials for the machine on which you are installing the gateway. This allows it to discover machines, use WMI to audit them, and deploy client agents to other machines on the network. For information about gateways, see Installer Downloads and Gateway Workspace Settings.
If you do not install any client agents, Netscan returns only IP addresses and names of devices. Netscan has the following features:
•Supports SNMP V1, V2C, and V3. Users can configure multiple protocols.
•Discovers routers and switches.
Netscan scans within a subnet (or IP range) to check for devices. Once a device is found you can audit the machine by deploying a client agent to the machine. See Deploying Agents to Other Computers.
Entering Netscan IP Ranges
The Netscan IP-Ranges tab is available only if you installed the gateway data center edition.
Netscan sends a ping request to the IP addresses or ranges that you specify. It uses WMI to survey the discovered machines to get operating system and execution environment information. You can do the following:
•Specify the subnet client computers that are associated with a gateway. LanProbe interrogates physical servers and clients only within a subnet, while Netscan pings virtual devices in the entire network.
•If WMI is not available, Netscan uses SNMP. For SNMP, you must specify the community strings.
•Exclude specific IP addresses from being scanned.
•Using WMI, Netscan retrieves the model, serial number, and manufacturer for a machine and operating system for a Windows machine.
•Using SNMP, Netscan recognizes computers, servers, printers, switches and routers; other devices such as UNIX or AIX machines are identified as unknown devices.
Follow these steps:
1. Log in to Service Manager as a Discovery Manager or an Administrator.
2.Open the Gateway workspace. A list of gateway computers or a default gateway computer record is displayed.
3.Double-click to open the gateway to manage. The Gateway workspace opens.
4.From the Netscan IP-Ranges tab, click New IP-Range. The New IP-Range window opens.
5.Enter information into the following fields:
| Field | Description |
|---|---|
| Name | A unique name for this range. |
| Range |
A range of IP addresses for Netscan to ping. Use one of the following two IP range examples: Use a dash to include a range (from - to), for example, 192.168.0.1-192.168.0.200. Use a slash to denote an IP range for a subnet mask, where the number after the slash denotes the bit range. For example, 24 bits is entered as follows: 192.168.0.0/24. This range covers all machines that have an IP address from 192.168.0.1 to 192.168.0.200 |
| Excluded IPAddress | a list of comma-delimited IP addresses that you would like to exclude from being scanned by Netscan. |
6.Click Save.
7.From the toolbar, click Deploy Settings. The settings are deployed.
Validating the IP Range Field
If you enter an IP range on the Netscan IP-Ranges tab in the Gateway workspace in an incorrect format, it leads to unwanted behavior in Netscan. To guard against incorrect IP address ranges, add a regular expression validation rule as follows:
All rules fire when they are added or edited. So this rule will fire when it's added, or when the rule is edited, or if any changes are made and saved.
1.From the Configuration console, click Build > Business Objects to open the Business Objects workspace.
2.Open the FRS_IPRange business object.
3.Click the Business Rules tab.
4.Expand the Regular Expression Validation Rules heading and click the add icon 
to add a regular expression validation rule.
5.Enter information into the following fields:
| Field | Description |
|---|---|
| Field Name | Name of the field. Select Range. |
| Expression Type | The expression type. Select Custom. |
| Custom Expression |
Enter the following custom expression or click the link to open the IPAddress_Range_Validation_Regular_Expression file: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])((-(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))|(\/(([0-9]|[1-2][0-9]|3[0-2])|(((128|192|224|240|248|252|254)\.0\.0\.0)|(255\.(((0|128|192|224|240|248|252|254)\.0\.0)|(255\.(((0|128|192|224|240|248|252|254)\.0)|255\.(0|128|192|224|240|248|252|254)))))))))$ |
| Error Message |
The error message to display. For example, enter IP Address range is not valid. The valid formats are start_ip - end_ip. For example, 192.168.1.1 - 192.168.1.255.
For subnet masks, enter a format such as: 192.168.1.0/24 or 192.168.1.0.255.255.255.0. |
| Name | A name for the rule, such as IP address range regex validation rule. |
| Description | The description. An example is regex validation rule. |
| Disable Rule | Disables the rule. |
6.Click Save. Once added, the rule automatically allows you to see whether a new or edited IP address or subnet mask range is entered correctly.
Entering Netscan SNMP Protocols
The Netscan SNMP Protocols tab is available only if you installed the gateway data center edition.
If a WMI connection is not available, then Netscan uses SNMP. For SNMP, you need to specify the community strings, as described in the following procedure.
1. Log in to Service Manager as a Discovery Manager.
2.Open the Gateway workspace. A list of gateway computers or displays a default gateway computer record is displayed.
3.Open the gateway to manage. The he Gateway workspace opens.
4.From the Netscan SNMP Protocols tab, click New SNMP Protocol. The Edit SNMP Protocol window opens.
5.Enter information into the following fields:
| Field | Description |
|---|---|
| SNMP Version | The SNMP version. |
| Port | The port number. |
| Community String (V1, V2) | The community string, which is the password to read SNMP data. |
| User Name (V3) | The user name. |
| Security Level (V3) | The security list. Select an option from the list. |
| Authentication Protocol (V3) | The authentication protocol. Select an option from the list. |
| Authentication Password (V3) | The authentication password. |
| Privacy Protocol (V3) | The privacy protocol. Select an option from the list. |
| Privacy Password (V3) | The privacy password. |
| Context Name (V3) | The context name. |
| Context Engine ID (V3) | The context engine ID. |
6.Click Save.
7.From the toolbar, click Deploy Settings. The settings are deployed.
Using Netscan to Scan the Network
You can use Netscan to ping computers on a network by using the following process.
1.Log in to Service Manager as a Discovery Manager.
2.Open the Gateway workspace and select a gateway from the list (if there is more than one). If only one gateway the system will automatically open the default Gateway record.
3.From the Netscan IP-Ranges tab, click New IP-Range. The New IP-Range window opens.
4.Enter the information for the range of IP addresses you want to scan. For more information about which choices to make, see Enter information into the following fields: under Entering Netscan IP Ranges.
5.Click Save.
6.From the toolbar, click Deploy Settings. The settings are deployed and the scan begins.
Once the scan is complete, any computers that are discovered, are listed. Using SNMP, Netscan recognizes computers, servers, printers, switches and routers; other devices such as UNIX or AIX machines are identified as unknown devices since configuration item type or operating system type are not detected. See Viewing Discovered Assets and Changing the Type.
After you generate a list of computers that are not audited, you can manage these computers by deploying an agent to them (see Deploying Agents to Other Computers) or by auditing them remotely (see Running an Agentless Audit).
In some instances, NetScan reports devices as unknown. This occurs when the ping discovery succeeds but the WMI or SNMP queries do not. If this occurs, select the Do not create CI if NetScan interrogation fails option for the gateway from the Gateway workspace. For more information, see Details.
Was this article useful?
Copyright © 2019, Ivanti. All rights reserved.