Connect OT Security to the Network

You can use OT Security for both Network Monitoring and Active Query. Make sure that you prepare your network infrastructure accordingly. For more information, see Network Considerations.

Management and Active Query

Connect the selected network interface to a network switch interface configured to allow management connectivity to the ICP as required.

Make sure to configure an IP address and other connectivity settings on the selected OT Security appliance interface via Tenable Core.

If you want to separate the Management and the Active Query roles, make sure each selected interface is connected to its dedicated switch interface. Assign IP addresses for each and configure the switch interfaces as needed to allow network reachability for both functionalities.

For more information, see Management and Active Query Roles Separation (Split-Port).

Network Monitoring

Connect one or more of the appliance interfaces selected for passive network monitoring to a configured port-mirroring destination (SPAN/RSPAN) interface on a network switch. You must configure port-mirroring to allow proper visibility of the OT network protocols and communications.

Note: You can use OT Sensors or Encapsulated Remote SPAN (ERSPAN) to capture traffic that cannot be directly monitored by the appliance interfaces.

To connect the OT Security appliance to the network:

Tenable-provided hardware appliances may come with various quantities and types (RJ45 or SFP) of network interfaces. OT Security comes pre-installed with the default interfaces selected for each role. You may change this configuration at a later stage as required.

On non-Tenable-provided hardware, you must select interfaces for each role before manually initiating the OT Security installation process. Make sure to correctly utilize the available interfaces for each role.

If you deployed the appliance using the .ova file, the appliance comes pre-configured with four network interfaces. You can add additional network adapters/interfaces during the deployment or at a later stage.

If you deployed a custom virtual appliance using the .iso or .zip (Hyper-V) file, configure the required number of network interfaces.

Make sure to configure the virtual machine as per the requirements described in System Requirements. For more information on configuring networking on virtual machines, see the VMware documentation or the Hyper-V documentation.