If you use a virtual LAN (VLAN), you can configure your Symantec Endpoint Detection and Response appliance to inspect the network traffic that includes VLAN tags.

To configure your appliance in an environment that uses VLAN trunking, you must position your appliance between your VLAN router (or firewall) and your VLAN subnets.

When configuring your scanner for inline monitor or inline block mode, you must configure your network interface settings so that the Gateway points to your VLAN router (or firewall), and the IP address points to the subnet that is associated with your native VLAN. (You must have a VLAN subnet to implement this solution.)

See Configuring network interface settings and enabling scanning.

To test this configuration, make sure that you can ping your Symantec EDR appliance from with the VLAN subnets.

Note:

The VLAN ID of the VLAN that detects an event appears on the Event Details page. If you have stacked VLANs, only the outer VLAN ID appears.
Legacy ID: v119272547_v128921691

Thanks for your feedback. Let us know if you have additional comments below. (requires login)

    © 1995-2019 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.