Any other way to update Building apart from network segment ?

May
Contributor III

Hi all

I had been using the network range of our Firewall to tell if a Mac was external to our network or not and it would update the building accordingly. Unfortunately that's now changed and there's no fixed range to tell if a Mac is external, i've looked at the 2 built in EA's of Last reported IP and IP and i can make a smart group based on these to tell if the Mac is external or not but what i'd ideally like to do is have the Building update based on these as they're updated every 15 minutes at check in (rather than any EA i make which will only update at recon).

Is there any way to update the building details outside of using the network segments ?

1 ACCEPTED SOLUTION

chriscollins
Valued Contributor

@May Do your network segments for your internal IP ranges still work properly?

The reason I ask is you don't necessarily need to know the ranges of your external IP addresses to tell if they are external or not. Network segments are assigned in order of the ranges with the least amount of IP addresses.

So lets say you have two internal segments: 10.49.4.x, and 10.2.1.x, and you have different network segments set up for both ranges with different buildings set.

If everything else would be external, what you can do is create a catch all network segment that has a range of 1.1.1.1 - 255.255.255.255 which is basically all IP addresses and you could set its building to "External" or whatever you were using.

If your client had an internal IP say 10.49.4.10, technically it would fall under the all encompassing external network segment, but it would also fall under your 10.49.4.x segment. Since the latter segment has a narrower range of IP addresses, it takes precedent over the all encompassing one.

This is how we deal with setting default distribution points for internal clients vs external clients.

View solution in original post

2 REPLIES 2

chriscollins
Valued Contributor

@May Do your network segments for your internal IP ranges still work properly?

The reason I ask is you don't necessarily need to know the ranges of your external IP addresses to tell if they are external or not. Network segments are assigned in order of the ranges with the least amount of IP addresses.

So lets say you have two internal segments: 10.49.4.x, and 10.2.1.x, and you have different network segments set up for both ranges with different buildings set.

If everything else would be external, what you can do is create a catch all network segment that has a range of 1.1.1.1 - 255.255.255.255 which is basically all IP addresses and you could set its building to "External" or whatever you were using.

If your client had an internal IP say 10.49.4.10, technically it would fall under the all encompassing external network segment, but it would also fall under your 10.49.4.x segment. Since the latter segment has a narrower range of IP addresses, it takes precedent over the all encompassing one.

This is how we deal with setting default distribution points for internal clients vs external clients.

May
Contributor III

@chriscollins

Yes, our internal ranges are all reporting correctly,
i've just tested your approach and it works perfectly, you've just made my day, thank you so much!!