How to restrict IPv6 analysis of host?

Hello

When I checked the Eligible for Licensing at Setting >> Device Limit, I found one host consume four license because the host is having three IPv6 address.

I don’t want to waste the license capacity because of IPv6 communication, especially link-local and site-local address that are used for internal communication.

Is there any way to restrict EDA not to analyze these kind of IPv6 communication?

Regards,
Jaeseog

Hi Jaeseog,

Some options below:

  • Is there any means by which you can remove the IPv6 traffic corresponding to end PCs from the data feed to ExtraHop? That will automatically eliminate those MAC and IPv6 addresses from being discovered
  • You can add critical devices to a “Device whitelist” so that ExtraHop will always analyze and store L2-L7 metrics for those selected devices even if the device count is exceeded.
1 Like

Thanks to your advice.

Though the second comments is proper to me, I have some questions about it before applying. It would be great if you give some more advices. ^^

  1. How many devices can be whitelisted per EDA?
  2. Is there any weak point if I use ‘whitelist’ option?

Regards,
Jaeseog

Hi Jaeseog,

  1. You can find the device safety limit in the Admin UI on the License page. The Admin UI is accessible to any user with “Full System Privileges”, such as the setup user, and can be found by clicking the Settings icon in the upper right and then clicking “Administration”
  2. Using whitelisting will require you to individually identify each device you would like full analysis for. Filtering the traffic before it reaches the ExtraHop will not require this step.

Thanks,
Ted