NX Witness Merged Systems server communication

Answered

Comments

3 comments

  • Norman
    • Network Optix team

    Hi nar ter,

    Please check THIS support article, about the server hive architecture, to get an idea which information is shared among servers within a system and how.

    If a system is connected to the Nx Cloud, the cloud relay servers will be used for the hive synchronization.

    Disconnect the system from the Nx Cloud, and you can route all information as desired with the help of VLAN or other network configurations.

    0
  • nar ter

    Hello Norman,

    We need urgent support for this as the client has security concerns.

    All the branch servers which are merged to the HQ server are continuously applying and sending traffic to the client's real IP address on port 7001 TCP (a lot of servers and a lot of requests to the real IP).

    What could be the reason? Is there a specific configuration in NX? How have the NX servers learnt the real IP addresses of the client?

    Note:

    - The client has restricted internet access on the branch servers already.
    - No NX Cloud connections.
    - The above article mentions that synchronization happens using the HTTP protocol. So what is that TCP 7001 traffic from each branch server to the outer real IP address?
    - I have disabled the "update client automatically" and "time synchronization from internet" settings on the HQ system.

    Thank you

    0
  • Norman
    • Network Optix team

    Hi nar ter,

    Thank you for reaching out to us. We appreciate your concerns regarding the given information, but with limited details provided, it becomes challenging to provide accurate assessments.

    It is important to note that the system utilizes genuine IP addresses for communication, as this is the standard method for devices to interact over a network or the internet. Blocking such communication is neither feasible nor recommended.

    If a VLAN has been properly set up, and external communication is restricted while also avoiding the use of cloud connections, there should be no communication outside the internal network. Although there might be occasional attempts, they should ultimately fail if you carefully examine the responses to these requests.

    It is possible that the option "Send anonymous usage and crash statistics to software developers" is enabled, which could result in traffic outside the internal network. However, in most cases, this would also fail if the outside network is blocked.

    To gain a better understanding of the issue at hand, it would be beneficial to have a clear overview of the current network topology and to identify the specific packets that are deemed suspicious.

    Please provide us with any additional information you can share so that we can assist you more effectively. We are here to help and resolve any concerns you may have.

    Best regards.

    0
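
Identifying the specific packets, as the last reply asks, usually starts from a firewall or flow log. The following is an added example, not part of the thread and not Network Optix code: it assumes a constructed six-column CSV firewall export and RFC 1918 internal ranges, and summarizes TCP 7001 flows whose destination lies outside those ranges, split by whether the firewall allowed or denied them.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample export: timestamp, src, dst, dst_port, proto, action.
# Addresses are RFC 1918 / RFC 5737 documentation ranges, not values from the thread.
SAMPLE_LOG = """\
2024-01-01T10:00:01,10.10.1.5,10.0.0.10,7001,tcp,allow
2024-01-01T10:00:02,10.10.1.5,203.0.113.20,7001,tcp,deny
2024-01-01T10:00:03,10.10.2.5,203.0.113.20,7001,tcp,deny
2024-01-01T10:00:04,10.10.2.5,203.0.113.20,7001,tcp,deny
2024-01-01T10:00:05,10.10.2.5,10.0.0.10,443,tcp,allow
2024-01-01T10:00:06,10.10.3.5,198.51.100.7,7001,tcp,allow
"""

# Assumption: the site's internal address space is the RFC 1918 ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def external_flows(log_text, port=7001):
    """Count (src, dst, action) for TCP flows to `port` leaving INTERNAL_NETS."""
    counts = Counter()
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6:
            continue  # skip malformed or truncated lines
        _ts, src, dst, dport, proto, action = row
        if proto != "tcp" or dport != str(port):
            continue
        try:
            if is_internal(dst):
                continue
        except ValueError:
            continue  # destination field is not an IP address
        counts[(src, dst, action)] += 1
    return counts

def allowed_external(counts):
    """Flows the firewall let out: the ones to capture and inspect first."""
    return sorted((s, d) for (s, d, a) in counts if a == "allow")

if __name__ == "__main__":
    flows = external_flows(SAMPLE_LOG)
    for (src, dst, action), n in sorted(flows.items()):
        print(f"{src} -> {dst}:7001 {action} x{n}")
    print("allowed to leave:", allowed_external(flows))
```

Denied entries correspond to the attempts the reply expects to fail; any allowed entry identifies a source and destination pair worth a packet capture.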
