How the Switch Plugin Works in Forescout

  • Oct 6, 2022

Updated: Jan 19

What is Switch Plugin in Forescout?

The Switch Plugin is a component of the ForeScout CounterACT® Network Module. It enables better visibility and control over endpoints connected to network switches by integrating with the network's switching infrastructure.


Features of Switch Plugin:

  1. Track Endpoint Location:

    • The Switch Plugin allows you to track the location of endpoints connected to network switches.

    • It retrieves relevant switch information such as the IP address and port of the switch to which an endpoint is connected.

  2. Quick Detection of New Endpoints:

    • The plugin quickly detects new endpoints on the network.

    • It receives notifications of port status changes via SNMP traps, alerting the CounterACT Console.

  3. Assign Switch Ports to VLANs:

    • You can assign switch ports to specific VLANs.

    • It supports dynamic, role-based VLAN assignment policies and quarantine VLANs.

  4. Access Control Using ACLs:

    • The plugin allows you to use ACLs (Access Control Lists) to open or close network zones, services, or protocols for specific endpoints at the switch.

    • This helps handle broader access control scenarios effectively.


If Used with a Single Appliance:

  • The Switch Plugin can be utilized with a single appliance to streamline endpoint management and enforce security policies at the switch level.


Communication Between the Switch Plugin and Switches

  • Switch Port Attributes & Endpoint Information: The Switch Plugin retrieves switch port attributes and information about connected endpoints to maintain visibility and control.

  • ARP Table for Endpoint Discovery: The Switch Plugin uses the ARP table to discover new endpoints connected to the switch, ensuring accurate tracking of network devices.


Switch Information Transfer Methods:

  • SNMP (Simple Network Management Protocol)

  • CLI (Command Line Interface)

  • Both SNMP and CLI can be used for transferring switch information to the CounterACT system.
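
The following is an added illustration, not Forescout code and not a description of how the plugin is implemented: it shows the kind of correlation described above, joining a switch's ARP table (IP to MAC) with its MAC address table (MAC to VLAN and port) to locate endpoints and flag new ones. The CLI output is constructed in Cisco IOS style, and the switch address `192.0.2.10` and the function names are assumptions.

```python
import re

# Constructed sample output in Cisco IOS style (not captured from a real switch).
ARP_OUTPUT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.20.1             -   0000.0c07.ac14  ARPA   Vlan20
Internet  10.10.20.15            3   0011.2233.4455  ARPA   Vlan20
Internet  10.10.20.31            0   00aa.bbcc.ddee  ARPA   Vlan20
Internet  10.10.30.7            12   0050.56ab.cdef  ARPA   Vlan30
"""
MAC_TABLE_OUTPUT = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  20    0011.2233.4455    DYNAMIC     Gi1/0/5
  20    00aa.bbcc.ddee    DYNAMIC     Gi1/0/12
  30    0050.56ab.cdef    DYNAMIC     Gi1/0/24
"""

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
# ARP row: protocol, IP, age (number or "-"), MAC
ARP_RE = re.compile(rf"^Internet[ \t]+(\S+)[ \t]+\S+[ \t]+({MAC})[ \t]", re.I | re.M)
# MAC-table row: VLAN, MAC, entry type, port
MAC_RE = re.compile(rf"^[ \t]*(\d+)[ \t]+({MAC})[ \t]+\S+[ \t]+(\S+)[ \t]*$", re.I | re.M)


def locate_endpoints(switch_ip, arp_text, mac_text):
    """Return {mac: {ip, switch, port, vlan}} for MACs seen in both tables."""
    ports = {mac.lower(): (int(vlan), port)
             for vlan, mac, port in MAC_RE.findall(mac_text)}
    located = {}
    for ip, mac in ARP_RE.findall(arp_text):
        mac = mac.lower()
        # An ARP entry with no matching port (here the switch's own VLAN
        # interface, age "-") is not an endpoint on an access port: skip it.
        if mac in ports:
            vlan, port = ports[mac]
            located[mac] = {"ip": ip, "switch": switch_ip,
                            "port": port, "vlan": vlan}
    return located


def new_endpoints(located, known_macs):
    """MACs located on the switch that are not in the known inventory."""
    return sorted(mac for mac in located if mac not in known_macs)


if __name__ == "__main__":
    found = locate_endpoints("192.0.2.10", ARP_OUTPUT, MAC_TABLE_OUTPUT)
    for mac in new_endpoints(found, known_macs={"0011.2233.4455"}):
        print(mac, found[mac])
```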


Access Control Lists (ACLs) Applied on a Switch:

The Switch Plugin offers CounterACT operators the following ACL capabilities for managing switches:

  1. Endpoint Address ACL Action: Allows the application of ACLs based on the endpoint’s IP address.

  2. Access Port ACL Action: Enables the application of ACLs on specific access ports of the switch.

  3. Pre-Connect Mode: This mode allows configuration of ACLs before the endpoint is fully connected to the network.


Additional Information:

  • Failover Clustering: The Switch Plugin supports CounterACT's Failover Clustering functionality, ensuring the continued operational availability of the CounterACT service in case of failure or downtime.

