Pathfinder support for multiple domains in a single subnet (IP Range)

Created On 09/25/18 15:19 PM - Last Modified 06/29/22 21:38 PM


Symptom


The customer would like Pathfinder to support multiple domains in a single subnet (IP Range).

Cause


A Pathfinder configuration supports one set of credentials. When multiple domains share a single subnet (IP Range), each domain requires its own credentials.

Resolution


Where there are multiple domains in an organization, the recommended practice is to define different IP Ranges (subnets) for each domain.

 

For each IP Range, you can then define an asset and a per-asset Pathfinder configuration, and use the appropriate domain's credentials.

 

In some cases, the domains may belong to a single subnet and it is not possible to define different assets for different domains. In this case, follow the steps below:

 

Define one asset over the desired IP range, and define a Pathfinder configuration for this asset with one domain's credentials.

Use the second domain's credentials in the Default configuration.


Alternatively, you can define an IP range slightly larger than the first (it can't be identical) and use the second domain's credentials in another per-asset configuration for this larger IP range.

 

Why this solution works: Pathfinder first attempts to use the configuration that matches the smallest IP Range containing the device to be scanned; if that fails, Pathfinder attempts to use the configuration of a higher-level subnet, and eventually falls back on the default configuration.
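A small Python model of the lookup order described above, added here as an illustration; it is not Pathfinder or Magnifier code, and the asset names, address ranges and credential labels are constructed. It lists which configurations would be tried for a given device, which also shows which domain's credentials are offered to which hosts.

```python
import ipaddress
from typing import NamedTuple


class RangeConfig(NamedTuple):
    asset: str        # hypothetical asset name
    first: str        # first address of the IP Range
    last: str         # last address of the IP Range
    credentials: str  # label only, never a real secret

    def size(self) -> int:
        return int(ipaddress.ip_address(self.last)) - int(ipaddress.ip_address(self.first)) + 1

    def contains(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        return ipaddress.ip_address(self.first) <= addr <= ipaddress.ip_address(self.last)


# Constructed sample: the second range is slightly larger than the first.
SAMPLE_CONFIGS = [
    RangeConfig("Shared-Subnet", "10.1.20.1", "10.1.20.254", "DOMAIN-A account"),
    RangeConfig("Shared-Subnet-Wide", "10.1.20.0", "10.1.20.255", "DOMAIN-B account"),
]
DEFAULT_CREDENTIALS = "default account"


def validate(configs):
    """Reject identical ranges; the article states the larger range can't be identical."""
    seen = {}
    for cfg in configs:
        key = (ipaddress.ip_address(cfg.first), ipaddress.ip_address(cfg.last))
        if key in seen:
            raise ValueError(f"{cfg.asset} and {seen[key]} define the same IP Range")
        seen[key] = cfg.asset


def attempt_order(device_ip, configs=SAMPLE_CONFIGS, default=DEFAULT_CREDENTIALS):
    """Return (configuration, credentials) pairs in the order they would be tried:
    smallest containing range first, larger ranges next, Default last."""
    validate(configs)
    matches = sorted((c for c in configs if c.contains(device_ip)), key=RangeConfig.size)
    return [(c.asset, c.credentials) for c in matches] + [("Default", default)]


if __name__ == "__main__":
    for ip in ("10.1.20.15", "10.1.20.255", "192.168.5.9"):
        print(ip, "->", attempt_order(ip))
```
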

 

Detailed walkthrough:

Define an asset:

Configuration->Network Coverage->Configure Internal IP Ranges:

 

To add a new IP Range, export the list to Excel or CSV.

Add the desired IP Range to the file, assign it a name in the Asset column and an Assigned Pathfinder VM (you can also click "Assign <Pathfinder VM> to all IP Ranges" if you have only one Pathfinder VM). Once done, save the file and import it into Magnifier.

 

Define Pathfinder Configuration for the new Asset:

Configuration->Pathfinder->Per Asset Configuration:

Select the new Asset and click Override.

 

A new tab will open, called "<Asset Name> Configuration". In this tab, define the credentials for the first domain.

In the Default Configuration, define the credentials for the second domain.

 

Alternatively, you can define another IP Range that is slightly larger than the first, assign it an Asset name and Pathfinder VM as described above and define the second domain's credentials in this Asset's Pathfinder Configuration.


