Connect OT Security to the Network

You can use OT Security for both Network Monitoring and Active Query. Make sure that you prepare your network infrastructure accordingly. For more information, see Network Considerations.

Management and Active Query

Connect the selected network interface to a network switch interface configured to allow management connectivity to the ICP as required.

Make sure to configure an IP address and other connectivity settings on the selected OT Security appliance interface via Tenable Core.

If you want to separate the Management and the Active Query roles, make sure each selected interface is connected to its dedicated switch interface. Assign IP addresses for each and configure the switch interfaces as needed to allow network reachability for both functionalities.

For more information, see Management and Active Query Roles Separation (Split-Port).

Network Monitoring

Connect one or more of the appliance interfaces selected for passive network monitoring to a configured port-mirroring destination (SPAN/RSPAN) interface on a network switch. You must configure port-mirroring to allow proper visibility of the OT network protocols and communications.

Note: You can use OT Sensors or Encapsulated Remote SPAN (ERSPAN) to capture traffic that cannot be directly monitored by the appliance interfaces.

To connect the OT Security appliance to the network: