IP range polling
Oct 23, 2023
Kaspersky Security Center Cloud Console attempts to perform reverse name resolution for every address from the specified range to a DNS name using standard DNS requests. If this operation succeeds, the server sends an
ICMP ECHO REQUEST (the same as the ping command) to the received name. If the device responds, the information about it is added to the Kaspersky Security Center Cloud Console database. The reverse name resolution is necessary to exclude the network devices that can have an IP address but are not computers, for example, network printers or routers.
This polling method relies upon a correctly configured local DNS service. It must have a reverse lookup zone. If this zone is not configured, IP subnet polling will yield no results. On the networks where Active Directory is used, such a zone is maintained automatically. But on these networks, IP subnet polling does not provide more information than Active Directory polling. Moreover, administrators of small networks often do not configure the reverse lookup zone because it is not necessary for the work of many network services. For these reasons, IP subnet polling is disabled by default.
Initially, Kaspersky Security Center Cloud Console gets IP ranges for polling from the network settings of the distribution point device which is used for network polling. If the device address is 192.168.0.1 and the subnet mask is 255.255.255.0, Kaspersky Security Center Cloud Console includes the network 192.168.0.0/24 in the list of polling address automatically. Kaspersky Security Center Cloud Console polls all addresses from 192.168.0.1 to 192.168.0.254.
It is not recommended to use IP range polling if you use Windows network polling and/or Active Directory polling.
Viewing and modifying the settings for IP range polling
To view and modify the properties of IP range polling:
- In the main menu, click the settings icon () next to the name of the required Administration Server.
The Administration Server properties window opens.
- On the General tab, select the Distribution points section.
- Click the name of the distribution point that you want to use to poll the network.
The distribution point properties window opens.
- Select the IP ranges section.
- Enable or disable IP polling by using the Enable range polling toggle button.
- Configure the polling schedule. By default, IP polling runs every 420 minutes (seven hours).
- If necessary, add or modify IP ranges to poll.
When specifying the polling interval, make sure that this setting does not exceed the value of the IP address lifetime parameter. If an IP address is not verified by polling during the IP address lifetime, this IP address is automatically removed from the polling results. By default, the life span of the polling results is 24 hours, because dynamic IP addresses (assigned using Dynamic Host Configuration Protocol (DHCP)) change every 24 hours.
- Click the OK button.
The properties are saved and applied to all IP ranges.