Network Considerations
The OT Security appliance (both physical and virtual) requires a few network connections, referred to as Interface Roles.
Management and Active Query Interface
This is an interface configured with an IP address that provides network reachability for managing and configuring the appliance. The same interface also allows the appliance to reach assets on the network for active querying (recommended, but optional).
Management and Active Query Roles Separation (Split-Port)
You can split the Management and Active Query roles between two separate interfaces. This enables, for instance, a connection to an IT network for management purposes and a separate connection to an OT network to access the OT assets using Active Query.
For this purpose, prepare and connect two separate interfaces, each dedicated to one of the roles.
Basic management connectivity to the ICP through the Active Query interface is allowed and operational as long as the ICP system allows network connectivity.
To finalize the OT Security setup, you require management connectivity. You can configure Split-Port and Active Query connectivity later.
On Tenable-provided hardware appliances, OT Security is automatically installed, with the default interface roles (combined management and Active Query roles).
Monitoring Interfaces
One or more network interfaces can be used for passive network monitoring. Passive monitoring (SPAN) interfaces:
- Monitor and collect traffic for analysis.
- Must be connected to a Mirroring, Switch Port Analyzer (SPAN), or Remote Switch Port Analyzer (RSPAN) destination interface of a switch.