Enforcement Connection

Threat Mitigator and Enforcement Device Connection

Security enforcement relies on uninterrupted connection between Threat Mitigator and the enforcement device. If there is no connection, Threat Mitigator will not be able to notify the enforcement device to quarantine an endpoint or release it from quarantine. It is therefore a good practice to verify the connection periodically. This topic discusses how to verify the connection from Threat Mitigator.

This topic also discusses how to sever the connection permanently by unregistering the device from Threat Mitigator.

Connection Status

Verify the connection from the Threat Mitigator web-based console. In the console, the following information is available:

To verify the connection between Threat Mitigator and the enforcement device:

  1. Check the icon that appears under the Connectivity column. A green icon means that connection can be established, and a red icon if otherwise.

  2. If connection can be established, you can click the link under the IP address column to open the product console for the enforcement device.

  3. Restore the connection if connection cannot be established.

Unregistration

When an enforcement device is unregistered from Threat Mitigator, the Threat Management Agents managed by the device will report back to Threat Mitigator as soon as the connection between the agents and Threat Mitigator is established.

An agent on a quarantined endpoint will not be able to report back to Threat Mitigator because the endpoint is isolated from the network. Before unregistering, ensure that there are no quarantined endpoints. Check the Endpoint Status screen for a list of quarantined endpoints.

To unregister an enforcement device from Threat Mitigator:

  1. Ensure that there is connection between Threat Mitigator and the enforcement device. A green icon should appear under the Connectivity column.

  2. Click the trash bin icon in the last column.

See also: