Home network tab

The home network defines the IP address ranges that are considered to be internal to the VMware NSX Network Detection and Response installation.

You view and modify these values on the Home network tab. In the Sensor category, select the correct License from the pull-down menu, and then select Sensor from that pull-down menu. In the IP Ranges text block, enter a single IP address, a range of addresses, or a network in CIDR notation. For example:

  • 1.1.1.10

  • 192.168.1.12-192.168.1.25

  • 192.168.0.0/16

Type Return to add an entry. Click cancel/close to delete an entry. Click the Save button to update the home network.

How the home network is used

The home network configuration plays an important role in the system. It can be used to filter the detections displayed inside the home network, outside of it, or both. This filter is available in most views.

The home network setting can also be used to filter the notifications sent out. This applies to Email notifications, for example. Notifications are not sent out for detections on hosts outside the home network.

Note:

The home network is used to trigger lateral movement rules. If you do not configure a home network, the system defaults to RFC1918 ranges (private ranges such as 10.x.x.x and 192.168.x.x).

Also see Home network.

Home network and host silence

In addition to the home network, you can silence specific hosts or a range of hosts (see Silenced IP range tab). Use the “Hide silenced hosts” flag in the display settings to hide detections on the silenced hosts.

The home network interacts with host silencing in applying campaign correlation rules:

  • All campaign correlation rules ignore events that happened on hosts outside of the home network, either the configured or the default home network.

  • If host silence is configured, all campaign correlation rules ignore events that happened on silenced hosts.

The logic for filtering is based on home network and host silence, even if sensors are part of a sensors group. This is the same logic that is currently applied in the UI for events selection.

Notifications can also be filtered using host silencing.

Note:

A better method of filtering hosts is to use the Alert management rules tab.