On-Premises Client Detection in SaaS
Note: This is an advanced setup guide. If you would like assistance setting up On-Premises Client Detection, please contact our Tenable Customer Support Team.
Once enabled and configured, Auto Location Creation and On-Premises Client Detection allow you to group subnets into a single Location to optimize WAN downloads and better control LAN content sharing, or to create Business Units or Groups based on a Location.
TPM Self-hosted automatically creates a Location when the Tenable Patch Client directly communicates with the Tenable Patch Server, across the company network. If the Tenable Patch Client cannot communicate directly, it sends messages to Tenable Patch Cloud Services to relay them to the Tenable Patch Server, and then the Tenable Patch Client is placed in an Internet Location based on its public IP address.
By default in the SaaS environment, the Tenable Patch Client communicates directly with the SaaS tenant using HTTPS and automatically creates an Internet Location based on the public IP address of the client. The system does not display Internet Locations in Assets > Locations. It always configures Internet Locations as Wi-Fi and uses unicast to communicate with all devices on the subnet. As a result, you cannot define Business Units and Groups using Locations. Additionally, you cannot group subnets together to reduce the number of downloads to a given Location.
The following sections guide you through setting up client detection on TPM SaaS.
Note: Internet Locations are not available on the Locations page.
Enabling Auto Location Creation
When a Tenable Patch Client registers with the server for the first time, the server checks for an existing location with an IP range that matches the client. If it does not find an existing location, the server automatically creates a location using the IP address associated with the client and subnet mask. The Auto Location Creation feature on the Locations page controls this behavior. Follow the steps below to toggle ON Auto Location.
By default, the Auto Location is set to the Central Office.
Note: Auto Location Creation is disabled by default.
- Select Assets > Locations from the side bar navigation.
- Select Auto Location Creation from the More dropdown.
- Toggle ON Auto Location Creation Enabled.
Allowed Auto Location IP Ranges
When you enable Auto Location Creation, you can specify which IP ranges are allowed to create an auto location.
- Toggle ON Restrict IP Ranges.
- Select +Create IP Range to enter the subnet ranges.
- Click Create IP Range.
- Click Save.
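Before entering ranges, it can help to predict where registering clients will land. The following is an added example, not Tenable code: a small model of the check described above (match an existing Location, otherwise auto-create from IP and subnet mask, subject to Restrict IP Ranges). The function name, the `auto:` naming scheme, CIDR notation for ranges, and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data: (client IP, subnet mask) as seen at registration.
SAMPLE_CLIENTS = [
    ("10.10.3.3", "255.255.255.0"),
    ("10.20.1.15", "255.255.255.0"),
    ("10.20.1.77", "255.255.255.0"),
    ("10.30.4.9", "255.255.255.0"),
]

def plan_locations(clients, locations, auto_create=True, allowed=None):
    """Return {client_ip: Location name or None} for each registering client.

    locations -- dict of Location name -> list of CIDR ranges; it is updated
                 when a Location is auto-created so later clients can match it
    allowed   -- CIDR list modelling "Restrict IP Ranges"; None = unrestricted
    """
    allowed_nets = None if allowed is None else [
        ipaddress.ip_network(a) for a in allowed]
    result = {}
    for ip_text, mask in clients:
        ip = ipaddress.ip_address(ip_text)
        # Step 1: an existing Location whose IP range contains the client wins.
        match = next(
            (name for name, ranges in locations.items()
             if any(ip in ipaddress.ip_network(r) for r in ranges)), None)
        if match is None and auto_create:
            # Step 2: with restriction on, only allowed ranges may auto-create.
            if allowed_nets is None or any(ip in n for n in allowed_nets):
                subnet = ipaddress.ip_network(f"{ip_text}/{mask}", strict=False)
                match = f"auto:{subnet}"  # hypothetical naming scheme
                locations[match] = [str(subnet)]
        # None means this check assigned no Location; the page does not say
        # what the product does with such a client.
        result[ip_text] = match
    return result

if __name__ == "__main__":
    existing = {"Central Office": ["10.10.0.0/16"]}
    plan = plan_locations(SAMPLE_CLIENTS, existing, allowed=["10.20.0.0/16"])
    for client, location in plan.items():
        print(f"{client:12} -> {location}")
```

Running it against an export of your own client addresses shows which subnets would spawn separate auto-created Locations and which fall outside the allowed ranges.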
Setting up On-Premises Client Detection
- Select On-Premises Client Detection from the More dropdown.
- Configure one or more of the following Client Detection Settings:
  - ICMP Target
    - Select either Hostname or IP address.
    - Enter the information for a device on the company network that the Tenable Patch Client can ping using ICMP.
  - DNS Targets
    - Enter a DNS Target and click Save DNS Target.
  - Public IP Ranges
    - Then, select +Create IP Range to enter the Public IP ranges and click Create IP Range.
    - Click Save.
Adding IP range(s) to the Central Office Location
After completing the preceding steps, you must add an IP range to the Central Office Location, or a desired Location.
- Select Edit from the more options dropdown next to the Location in the Locations tab.
- Click +Create IP Range.
- Add in the IP Range(s) of the Internet clients created in the On-Premises Client Detection steps above.
- Click Create IP Range.
- Click Save.
The system adds clients that match the defined options to auto-created Locations based on their internal IP addresses. You can then manage these Locations as needed.