What's the difference between a Host and a Device?
Overview
ETM products make a distinction between host and device. This distinction is important in a few instances:
- Subscription seat count is determined by number of hosts, not devices
- Rules which affect hosts do not necessarily affect devices and vice versa
- Tags applied to a host will stay with that host, even if the IP address is assigned to a different device
- Tags applied to a device will remain with that hardware appliance regardless of the IP address (host) it has
What is a host?
Host refers to a unique IP address which is passing traffic through your appliance.
In NG Firewall, you can view all current & recent hosts in the Hosts viewer at the top right-hand corner of the screen.
Active state
A host is considered "active" while it has active sessions and is currently passing traffic. Once that host has no active sessions, it is no longer "active" but remains in the Hosts viewer for at least 24 hours. Hosts which have tags applied may remain in the viewer much longer.
Entitled state
"Entitled" means that the host is being processed & filtered through NG Firewall applications. Hosts which are not entitled include bypassed hosts and any in excess of your subscription's license count.
Entitled state lasts until a host stops actively passing traffic and for 24 hours from that point. After 24 hours, the entitlement is removed from that host until it begins passing traffic again.
In the case of subscriptions with limited license counts, the entitlement "slot" will be made available to other hosts.
How do hosts count against my subscription?
Your subscription count measures the number of allowed hosts. For example, if you have an "up to 500" subscription, your NG Firewall will process up to 500 individual hosts. Any hosts in excess of the subscription count will be automatically bypassed: they are still able to reach the internet, but are not filtering & protected by any NG Firewall applications.
Username associations
If you are using the Username Login Script or have integrated your NG Firewall with Active Directory, the username NG Firewall receives is associated to the host IP address.
What is a device?
Device refers to a MAC address, also known as a "hardware address". It is a unique identifier associated with the network adapter.
The Devices viewer in the top right-hand corner shows a historical list of devices and will include every device the NG Firewall has ever seen.
Why do devices matter?
You can create rules based on devices/MAC addresses. This can be helpful in environments which use DHCP, have frequent lease expirations & reassignments, and are not using DHCP reservations.
FollowComments
2 comments
Please sign in to leave a comment.
I'd like to edit all my host names in the device list, but i know them by IP, can i change the view so that IP can be listed in the "devices" table?
Tom,
Unfortunately not. The devices are MAC addresses. The IP is dynamic and cannot be listed in that table as it is a permanent table.
You can look them up in the host table by the IP, get the MAC, and then look for that in the devices table.