All about hostnames in NG Firewall
Overview
Many devices have a hostname that identifies them. A hostname is generally user-configurable and uses both letters and numbers to "name" the device. Some examples might be JSmith-laptop, mailserver, or Living Room TV.
In comparison to other attributes like IP address or MAC address, hostnames are usually more human-readable and can simplify device identification.
How does NG Firewall obtain hostnames?
Hostnames are acquired when the device first connects to the network. NG Firewall uses a number of different methods to get the device's hostname.
- The device itself may report its hostname when it joins the network or domain.
- If the device is connecting via OpenVPN, the OpenVPN service can report its hostname.
- If the device is part of an environment that is integrated with Active Directory, the Active Directory Login Monitor agent will report its hostname along with username & host IP address.
- NG Firewall can also get a hostname via a reverse DNS lookup, conducted when we first see the IP address communicating in the network. See below for more details.
- If NG Firewall doesn't get a hostname from one of these sources, it waits for a DHCP lease request from the device. Some devices will report their hostname when requesting a DHCP lease.
- If none of the above methods result in a hostname, NG Firewall will check its Devices table to see if the device had previously connected with a specific hostname. If one is found, NG Firewall will re-associate that hostname to the device.
- Finally, NG Firewall checks its own Name Map, found in Apps > Reports > Name Map. This feature enables the admin to set hostnames manually within NG Firewall.
If no hostname is found using any of the above methods, NG Firewall will not associate one to this host. Depending where one is looking in the NG Firewall UI, this can display as a blank "Hostname" field or one with the host's IP address.
You can see where a hostname came from in the Hosts viewer, displayed in the Hostname Source column.
Does NG Firewall automatically update hostnames?
It does not. Whatever hostname is associated with the host when it first communicates in the network remains associated with that host.
If you have CLI access, you can force NG Firewall to drop the contents of its Hosts table, clearing all stored hostnames and allowing them to repopulate. The script to do so is here: Clear Hosts and Devices
What if I have a domain or internal DNS server?
You can create reverse DNS lookups in Config > Network > DNS Server > Domain DNS Server. The correct format for the Domain entry will be the subnet with its octets in reverse order, followed by in-addr.arpa. For example:
Local Subnet | Reverse DNS Domain |
192.168.2.0/24 |
2.168.192.in-addr.arpa |
172.16.0.0/16 |
16.172.in-addr.arpa |
With a Domain DNS Server set up, NG Firewall will query the specified server(s) when a new IP address communicates on the network. This reverse DNS query should provide a hostname to NG Firewall, if the DNS server is able to provide one.
Follow
Comments
0 comments
Please sign in to leave a comment.