
How the Switch Plugin Works in Forescout

Updated: Jan 19

What is the Switch Plugin in Forescout?

The Switch Plugin is a component of the ForeScout CounterACT® Network Module. It enables better visibility and control over endpoints connected to network switches by integrating with the network's switching infrastructure.


Features of Switch Plugin:

  1. Track Endpoint Location:

    • The Switch Plugin allows you to track the location of endpoints connected to network switches.

    • It retrieves relevant switch information such as the IP address and port of the switch to which an endpoint is connected.

  2. Quick Detection of New Endpoints:

    • The plugin quickly detects new endpoints on the network.

    • It receives notifications of port status changes via SNMP traps, alerting the CounterACT Console.

  3. Assign Switch Ports to VLANs:

    • You can assign switch ports to specific VLANs.

    • It supports dynamic, role-based VLAN assignment policies and quarantine VLANs.

  4. Access Control Using ACLs:

    • The plugin allows you to use ACLs (Access Control Lists) to open or close network zones, services, or protocols for specific endpoints at the switch.

    • This helps handle broader access control scenarios effectively.


If Used with a Single Appliance:

  • The Switch Plugin can be utilized with a single appliance to streamline endpoint management and enforce security policies at the switch level.


Communication Between the Switch Plugin and Switches

  • Switch Port Attributes & Endpoint Information: The Switch Plugin retrieves switch port attributes and information about connected endpoints to maintain visibility and control.

  • ARP Table for Endpoint Discovery: The Switch Plugin uses the ARP table to discover new endpoints connected to the switch, ensuring accurate tracking of network devices.


Switch Information Transfer Methods:

  • SNMP (Simple Network Management Protocol)

  • CLI (Command Line Interface)

  • Both SNMP and CLI can be used for transferring switch information to the CounterACT system.
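
The following Python example is added here for illustration and is not Forescout's code or part of the original post. It shows one general way ARP-based discovery and location tracking can work over CLI: join a switch's ARP table (IP to MAC) with its MAC address table (MAC to port), then flag endpoints missing from an existing inventory. The Cisco IOS-style output, the addresses, the function names and the use of the MAC address table for the port lookup are all assumptions.

```python
import re

# Constructed sample output in Cisco IOS style; not taken from the page.
SWITCH_IP = "10.0.0.2"  # hypothetical management address of the switch
ARP_OUTPUT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.10.21             12   0011.2233.4455  ARPA   Vlan10
Internet  10.0.10.37              0   00aa.bbcc.ddee  ARPA   Vlan10
Internet  10.0.10.1               -   0000.0c07.ac0a  ARPA   Vlan10
"""
MAC_TABLE_OUTPUT = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/5
  10    00aa.bbcc.ddee    DYNAMIC     Gi1/0/12
"""

ARP_RE = re.compile(r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+\S+\s+([0-9a-f.]{14})\s+ARPA", re.M)
MAC_RE = re.compile(r"^\s*(\d+)\s+([0-9a-f.]{14})\s+\S+\s+(\S+)\s*$", re.M)

def parse_arp(text):
    """Return {mac: ip} from 'show ip arp' style output."""
    return {mac: ip for ip, mac in ARP_RE.findall(text)}

def parse_mac_table(text):
    """Return {mac: (vlan, port)} from 'show mac address-table' style output."""
    return {mac: (int(vlan), port) for vlan, mac, port in MAC_RE.findall(text)}

def locate_endpoints(switch_ip, arp_text, mac_text):
    """Join both tables; MACs with no learned port (e.g. the gateway SVI) are skipped."""
    arp, macs = parse_arp(arp_text), parse_mac_table(mac_text)
    return {
        mac: {"ip": arp[mac], "switch": switch_ip, "vlan": vlan, "port": port}
        for mac, (vlan, port) in macs.items() if mac in arp
    }

def new_endpoints(located, known_macs):
    """Endpoints seen on the switch that are not in the existing inventory."""
    return {mac: info for mac, info in located.items() if mac not in known_macs}

if __name__ == "__main__":
    located = locate_endpoints(SWITCH_IP, ARP_OUTPUT, MAC_TABLE_OUTPUT)
    for mac, info in new_endpoints(located, known_macs={"0011.2233.4455"}).items():
        print(f"new endpoint {mac} {info['ip']} on {info['switch']} port {info['port']}")
```
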


Access Control Lists (ACLs) Applied on a Switch:

The Switch Plugin offers CounterACT operators the following ACL capabilities for managing switches:

  1. Endpoint Address ACL Action: Allows the application of ACLs based on the endpoint’s IP address.

  2. Access Port ACL Action: Enables the application of ACLs on specific access ports of the switch.

  3. Pre-Connect Mode: This mode allows configuration of ACLs before the endpoint is fully connected to the network.


Additional Information:

  • Failover Clustering:


    The Switch Plugin supports CounterACT's Failover Clustering functionality, ensuring the continued operational availability of the CounterACT service in case of failure or downtime.

