Step 1: Configuring Ivanti Profiler
Ivanti Policy Secure includes a built-in device Profiler that can automatically detect and classify all devices on the network using DHCP-fingerprinting, SNMP discovery and HTTP-UA fingerprinting.
Once you are logged in to the web-based Admin Console, configure the in-built Profiler using the steps shown below.
- Navigate to Authentication > Auth Servers page.
- Select Local Profiler from the server type drop-down and click New Server.
- Enter a name for the Auth. server.
- Click Browse and upload the device fingerprints package.
- Click Save Changes to save the configuration settings. Please be patient; this operation may take a few minutes to complete.
Step1.1: Discover devices using DHCP
Devices on the network that have DHCP-based IP addresses are automatically profiled by the Profiler as they connect to the network. However, to enable this type of profiling, you need to ensure that all the DHCP requests are forwarded to the internal port of the Ivanti Policy Secure – this configuration needs to be done on one or more switches in your network.
Configure DHCP relay on switches to forward DHCP packets to Ivanti Policy Secure. See Profiler Deployment Guide for more information.
Navigate to System > Reports > Devices Discovery to start seeing devices on the network. The discovery process may take from a few minutes to a few hours depending on the network.
Step1.2: Discover devices using SNMP
To discovery and profile devices with static IP addresses, you need to add one or more SNMP-enabled switches in the SNMP management page of the web based Admin Console.
- Select Authentication > Auth Servers > [Local Profiler]. Set the SNMP Poll interval to 5 mins. Click on Save Changes.
- Click on the SNMP Device link in the help text for SNMP Poll Interval. Enter information about the switch. If SNMP switch is only used for Profiling endpoints, do not select the SNMP Enforcement check box.
- Save the changes. The SNMP Device Configuration table should get updated with the new switch information. Status should be GREEN.
- Wait for 15 minutes for the new polling interval to take effect, or restart services using Maintenance > System > Platform > Restart Services button so the new configuration is active immediately after restart.
Navigate to System > Reports > Devices Discovery to start seeing devices with static IP addresses on the network. Profiler will periodically poll the switches to ensure that new devices get profiled as they connect to the network.