Configuring the Appliance IP Settings

Procedure

1. Go to Administration → System Settings → Network.
2. In Host name or FQDN, specify a host name or FQDN.

   Note If you are using SAML authentication, the Host name or FQDN must contain the domain name. Changing the Host name or FQDN affects SAML authentication.

3. (Optional) Select the option to use the host name instead of the IP address as the identity of this appliance.

   Important The host name must be resolvable within your network.

4. Select the IPv4 type.
   • Static IP address
   • Dynamic IP address (DHCP)

   Note Deep Discovery Inspector requires its own IP address to ensure that the management port can access the management console. To enable a DHCP server on your network to dynamically assign an IP address to Deep Discovery Inspector, select Dynamic IP address (DHCP). Otherwise, select Static IP address.

5. If Static IP address is selected, specify the following:
   1. IPv4 address: The numeric address specifically for Deep Discovery Inspector.
   2. IPv4 subnet mask: Indicates the subnet mask for the network that includes the Deep Discovery Inspector IP address.
   3. IPv4 gateway: The IP address of the network gateway.
   4. IPv4 DNS server 1: The IP address of the primary server that resolves host names to an IP address.
   5. IPv4 DNS server 2 (optional): The IP address of the secondary server that resolves host names to an IP address.
6. (Optional) Configure an IPv6 address.
   1. Select Enable IPv6 address.
      The IPv6 address settings appear.
   2. Specify the following IPv6 address settings:
      • IPv6 address: The alphanumeric address specifically for Deep Discovery Inspector.
      • IPv6 subnet prefix length: Indicates the prefix length for the network that includes the Deep Discovery Inspector IP address.
      • IPv6 gateway: The IP address of the network gateway.
      • (Optional) IPv6 DNS server: The IP address of the server that resolves host names to an IP address.
7. (Optional) Enable Always use TLS 1.2 or above.

   Important The appliance must be restarted after Always use TLS 1.2 or above is enabled or disabled. When enabled, Deep Discovery Inspector cannot connect to products/services that do not support TLS 1.2 and above.

   Note To be compliant with the Payment Card Industry Data Security Standard (PCI-DSS) v3.2, the appliance should use TLS 1.2 or above for all inbound and outbound connections. Ensure that the integrated products and services are using the latest version that support TLS 1.2 or above. For details, see TLS Support for Integrated Products/Services. Verify that the following products/services are configured to use TLS 1.2 or above. The ActiveUpdate server source at Administration → Updates → Component Updates → Source must use HTTPS. The Apex Central server address at Administration → Integrated Products/Services → Apex Central must use HTTPS. The syslog servers at Administration → Integrated Products/Services → Syslog must use SSL. The SMTP server at Administration → System Settings → SMTP must use SSL/TLS or STARTTLS. The Threat Intelligence Sharing service at Administration → Integrated Products/Services → Threat Intelligence Sharing must use only HTTPS (disable Share information using HTTP).

8. Click Save.