Users Guide
166 | Monitoring Dell Networking W-ClearPass Policy Manager 6.6 | User Guide
Configuring Nmap-Based Endpoint Port Scans
The Network Discovery scan feature supports running an Nmap-based scan on a host to detect open ports and
also to fingerprint the service(s) running behind those ports. This information is used in the device profile.
The steps to fully configure endpoint port scans using Nmap are as follows:
1. Enable Nmap-based endpoint port scans.
a. Navigate to Administration > Server Manager > Server Configuration > Cluster-Wide
Parameters.
The Cluster-Wide Parameters page opens.
b. Select the Profiler tab.
Figure 129: Cluster-Wide Parameters > Profiler Dialog
c. Set the Enable Endpoint Port Scans using Nmap parameter to TRUE.
For more information, see Profiler Parameters on page 561.
2. Configure SNMP, SSH, WMI settings for the subnets.
a. Navigate to Configuration > Profile Settings.
b. Configure SNMP, SSH, WMI settings for the subnets (see Adding the Configurations to Query Seed
Devices on page 154).
3. Initiate a network discovery scan configuring a seed device with Probe ARP entries enabled (see Initiating a
Network Discovery Scan on page 160).
4. When the Network Discovery scan is completed, select an endpoint (see Viewing the List of Authentication
Endpoints on page 259).
a. Navigate to Configuration > Identity > Endpoints.
b. Select the endpoint of interest.
5. To view the list of host services and the list of open ports returned by the network discovery scan for the
selected host/endpoint, select the Fingerprints tab (see Figure 130).