
NetSkateKoban Nano/Nano(V)

FAQ

Common to Nano/Nano(V)

Note: In FAQ, NetSkateKoban® Nano and NetSkateKoban® Nano(V) are written as Nano.

1. For those considering introduction

1-1. I would like to use Nano to detect when an unknown device connects to the network. What should I do?

If you register the information consisting of the "MAC address" or "IP address" of the authorized terminal, and the connected "VLAN ID" (in the case of Nano(V)) in the "ATL", you can detect any unknown devices that connect to the network as "unregistered terminals".

1-2. Please tell me in detail the conditions under which a device is determined to be an unregistered terminal (unauthorized terminal).

Nano holds ATL information for identifying legitimate terminals and consults it whenever a terminal is detected. Unauthorized terminals are identified based on the MAC address, IP address, and detected VLAN ID (in the case of Nano(V)).

Specifically, the following ATL information can be registered, and a terminal that does not match any of these will be determined to be an unauthorized terminal.

(1) "MAC address"
If the MAC address of the detected terminal matches the registered "MAC address", it is a legitimate terminal.

(2) "IP address"
If the IP address used by the detected terminal matches the registered "IP address", it is a legitimate terminal.

(3) "MAC address and IP address pair"
If the MAC address and the IP address being used by the detected terminal match a registered "MAC address and IP address pair", then it is considered a legitimate terminal.

(4) "Pair of the above information and VLAN ID" (for Nano(V))
If the information in (1) to (3) matches and the VLAN number to which the terminal is connected matches the registered VLAN ID, it is a legitimate terminal.
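
The matching rules (1) to (4) can be illustrated with the following added example, which is not vendor code and does not reflect how Nano is implemented. The `AtlEntry` and `Detected` records, the function names and the sample addresses are assumptions made for illustration; a VLAN of `None` on an entry is assumed to mean "no VLAN constraint".

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AtlEntry:
    """Hypothetical ATL record; at least one of mac/ip must be set."""
    mac: Optional[str] = None
    ip: Optional[str] = None
    vlan: Optional[int] = None   # None = no VLAN constraint (assumption)


@dataclass(frozen=True)
class Detected:
    """Hypothetical record for a terminal seen on the network."""
    mac: str
    ip: str
    vlan: Optional[int] = None   # VLAN the terminal was seen on (Nano(V))


def norm_mac(mac: str) -> str:
    # Treat 00-00-5E-... and 00:00:5e:... as the same address.
    return mac.replace("-", ":").lower()


def norm_ip(ip: str) -> str:
    # Canonical form, so differently written IPv6 addresses compare equal.
    return str(ipaddress.ip_address(ip))


def entry_matches(entry: AtlEntry, term: Detected) -> bool:
    if entry.mac is None and entry.ip is None:
        return False                       # an empty entry authorizes nothing
    if entry.mac is not None and norm_mac(entry.mac) != norm_mac(term.mac):
        return False                       # rule (1) or the MAC half of (3)
    if entry.ip is not None and norm_ip(entry.ip) != norm_ip(term.ip):
        return False                       # rule (2) or the IP half of (3)
    if entry.vlan is not None and entry.vlan != term.vlan:
        return False                       # rule (4): VLAN must also match
    return True


def classify(term: Detected, atl: list) -> str:
    # A terminal that matches no entry at all is "unregistered".
    return "registered" if any(entry_matches(e, term) for e in atl) else "unregistered"


# Constructed sample ATL (documentation-range MAC and IP addresses).
SAMPLE_ATL = [
    AtlEntry(mac="00-00-5E-00-53-01"),                    # (1) MAC only
    AtlEntry(ip="192.0.2.10"),                            # (2) IP only
    AtlEntry(mac="00:00:5e:00:53:02", ip="192.0.2.20"),   # (3) MAC + IP pair
    AtlEntry(mac="00:00:5e:00:53:03", vlan=10),           # (4) MAC bound to VLAN 10
    AtlEntry(ip="2001:db8::5"),                           # (2) with an IPv6 address
]

if __name__ == "__main__":
    # Constructed detections, one per case worth checking.
    samples = [
        Detected("00:00:5e:00:53:01", "192.0.2.99"),          # MAC-only entry, any IP
        Detected("00:00:5e:00:53:02", "192.0.2.21"),          # pair with the wrong IP
        Detected("00:00:5e:00:53:03", "192.0.2.30", vlan=20), # right MAC, wrong VLAN
        Detected("00:00:5e:00:53:ff", "2001:DB8:0:0:0:0:0:5"),
    ]
    for term in samples:
        print(term, "->", classify(term, SAMPLE_ATL))
```

The sample run shows how the entry type changes the outcome: a MAC-only entry accepts the terminal on any IP address, while a pair or a VLAN-bound entry rejects the same MAC address when the IP address or VLAN differs.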

1-3. What is the maximum number of simultaneous blocking for Nano?

The upper limit for the number of simultaneous blocking changes depending on the setting status of "Power Blocking" on the "Action Settings" screen.

  • Up to 15 if enabled
  • Up to 25 if disabled

1-4. Can multiple Nanos be operated efficiently?

If you use Nano Manager, you can operate multiple Nanos at once.
Customers who have subscribed to maintenance can download it free of charge from the NetSkate Service Center.

1-5. Can Nano be used in a wireless LAN environment without any problems?

Yes, it is available.
The Nano itself can only be connected to a wired network, but by operating the wired network to which the Nano is connected and the wireless LAN as the same broadcast network, wireless LAN devices can also be managed.
For detailed network settings, please refer to the manual for your network device or wireless LAN device.

1-6. What browsers does Nano support?

We support the latest versions of Google Chrome, Microsoft Edge, and Mozilla Firefox.

1-7. Can I use Nano Manager to monitor Nanos installed at multiple locations connected via VPN?

If the PC running Nano Manager and the Nanos installed at each site can communicate directly using each other's IP addresses, monitoring is possible even if the connection between the sites is a VPN.

1-8. Will connecting Nano to the network have an impact on other network devices or terminals?

No, it will not.
Nano detects devices on the network by passively monitoring packets broadcast on the Ethernet, so it does not affect the communication of your network equipment or existing devices.

1-9. Can Nano display English?

Yes. It is possible.
By setting your browser's language settings to English, the page will be displayed in English.

1-10. Please tell me how to start using Nano in a network without a DHCP server.

Nano is initially set to obtain an address from DHCP.
If your network does not have a DHCP server, addresses will be automatically assigned using a process called APIPA. Therefore, by directly connecting the HUB to a PC that is also configured to obtain an address using DHCP, you can access kobannano.local and make any settings using the steps described in the "Quick Start Guide".

1-11. What are the operating requirements for Nano Manager?

  • Compatible OS: Windows 10 (64bit), Windows 11, Windows Server 2022
  • Dependent Software: Java 8 (the Java used by Nano Manager is included in the Nano Manager setup file; no separate installation is required)
  • CPU: Intel Core i5 3.2GHz equivalent or higher
  • Memory: 2GB or more free memory
  • Disk Capacity: During installation, 500MB or more free space (additionally, 100MB or more free space for each Nano registered)

1-12. I would like to run Nano Manager on Windows Server. Is it supported?

Yes, it is compatible with Windows Server 2022.

1-13. I would like to constantly monitor whether Nano is alive or not using Nano Manager. Is it possible?

This is possible by starting the Nano Manager, logging in, and continuing to run it without logging out or shutting down.
If you restart Windows, you will need to log in to Windows again to start and log in to Nano Manager.

1-14. If I update the Nano ATL settings, when will this be reflected in the status in the Detected Terminal List?

The updates to the ATL will take effect as soon as they are completed.

2. For those who want to know more about NetSkateKoban® Nano

2-1. What information can I check on my device using Nano?

On the detected terminal list screen, you can check the following information about the terminal. (*)

  • Detection time
  • Terminal name
  • MAC address [vendor information]
  • IP address (IPv4, IPv6)
  • VLAN ID [for Nano(V)]
  • Terminal OS
  • Device type (e.g. printer, layer 2/3 device, etc.)

* Since these are inferred from packet information, MIB information, etc., it may not necessarily match the actual OS name or device type.

2-2. Can Nano detect devices other than PC terminals such as printers?

Yes. It is possible.
The "Active Detection" function (enabled by default) enables highly accurate detection of terminals that do not perform much active communication, such as printers.

2-3. Can I detect and block IPv6 connected terminals with Nano?

Yes. Even on the same terminal, it is possible to detect and block terminals with an IPv6 interface turned on. It can also detect and block IPv6 connections used by smartphones, tablets, and Windows devices.

2-4. Is it possible to change the settings to allow/prevent connection to the network when an unauthorized terminal is detected?

Yes, you can set whether to execute "Mail" notifications and "Blocking" on the "Action Settings" screen.

2-5. What happens to the status of connected devices once I connect Nano to a monitored network and start using it?

Since the ATL is empty, all devices will be detected with an "unregistered" status.

2-6. Will it start blocking the devices with an "unregistered" status as soon as I connect Nano to the monitored network and start using it?

No, blocking action is set to OFF in the initial state, so blocking will not start.

2-7. Can the terminal connection report be generated with Nano?

Yes. A list of terminal connections can be output for up to two weeks.
You can check not only the presence of connections, but also the time periods of the connections, which can be used to check suspicious connection times or unnecessary connections. Starting from version 2.8, even if there are many device detection histories, old histories are now included in the report.
When used in conjunction with Nano Manager, it is possible to generate reports up to 2 months ago.

2-8. Is it possible to take measures against devices with Wi-Fi privacy addresses (random MAC addresses)?

No, if you want Nano to manage connections based on MAC addresses, you will need to turn off this feature.

2-9. If the unregistered terminal remains connected even after the blocking is manually stopped or the blocking period has elapsed, will communication become possible?

No, after the blocking is finished, Nano detects that the device is still connected and resumes the blocking process, so it will not become possible to communicate.

2-10. How many devices can one Nano/Nano(V) manage?

The number of devices that can be monitored simultaneously is as follows for each model.

  • NK4-NANO-WB0AX: 1,024 units
  • NSK-NANO-BB0AX: 2,048 units
  • NSK-NANO-VB0AX/VB4AX: 2,048 units (total of monitored VLANs)

Up to 20,000 items can be registered to the ATL.

2-11. If I replace the router between Nano and Nano Manager communication, will there be communication interference with the new router?

If you replace the router on the network segment to which Nano is connected, communication interference will occur if the whitelist information corresponding to the new router is not registered.
If you replace the router on the network segment to which Nano is connected, you will need to do one of the following:

  • Register whitelist information for the new router in advance.
  • Disable "Communication Interference" on the Nano's "Action Settings" screen, then register the whitelist information for the router in question, and then enable "Communication Interference".

2-12. What kind of restrictions will occur if more devices are detected than the maximum number of devices that can be detected by one Nano?

Devices connected in excess of the number that Nano can detect will still be able to connect to the network. However, because of Nano's performance limits, the reliability of detection and the responsiveness of the WebUI, etc. cannot be guaranteed.

2-13. What kind of OS can Nano detect?

Windows / MacOS / Linux / unix / Android / iOS.

2-14. How is the device name of the device detected by Nano obtained?

The terminal name is obtained in the following order of priority.

  1. Terminal name on the ATL (If the terminal name is registered on the ATL)
  2. NetBIOS name (If the NetBIOS in the "Terminal Name Collection" is enabled)
  3. DNS name (If the DNS in the "Terminal Name Collection" is enabled, and a DNS server is set or it is set automatically via DHCP)

2-15. Can I arbitrarily set the "Terminal name" of the device detected by Nano?

Yes, you can set any string to be displayed in Nano's Detected terminal list.
The string registered in the "Terminal Name" field of the ATL will be displayed in the "Terminal Name" column of the Detected terminal list.

2-16. Can Nano be used in a network built with SubGate security switches?

Yes, it is possible.
It has been verified that Nano works properly when the SubGate security switch is configured appropriately.
Verification was performed on the following models. Please contact us for other models.

  • SubGate: SG1005G
  • NetSkateKoban® Nano: NSK-NANO-BB0AX

2-17. What happens when more than the maximum number of blocking target terminals are connected?

For terminals that exceed the maximum number, communication will not be blocked and will remain possible. In this case, "Blocked" will not be displayed in the status of the device in the "Detected terminal list".

2-18. Is there a limit to the size of the network that Nano can monitor?

There is no limit to the size of the monitored network (/24, /16, etc.).

3. For users who have already installed NetSkateKoban® Nano

3-1. Please tell me the specifications of the LED on the Nano's top panel.

There are two LEDs on the top panel of Nano (NSK-NANO-BB0AX) and Nano(V) (NSK-NANO-VB0AX, NSK-NANO-VB4AX).
The "Status 1" LED on the left is green, and the "Status 2" LED on the right is red.
The LEDs indicate the following operations depending on their lighting status.

| | Status1 LED (green) | Status2 LED (red) | Operating status |
|---|---|---|---|
| Startup | On | On | System initializing |
| Startup | Blinking | Off | Sensor function startup processing |
| Startup | Blinking | On | Fatal error during the sensor function startup process |
| Running | On | Off | Operating normally |
| Shutdown | Blinking | Blinking | Recognises that the Reset button has been pressed |
| Shutdown | Blinking | Off | Shutdown processing |
| Shutdown | Off | Off | Shutdown completed (the AC adaptor can be safely disconnected) |
| Initialize | Off | Blinking | Recognises that the Reset button has been pressed twice |
| Initialize | Off | Blinking | Initialization in progress (automatic reboot after completion) |
| Update | Blinking | On | Firmware update failed (only lights on for 60 seconds) |

3-2. Please tell me how to turn off the Nano.

To turn off NetSkateKoban® Nano, operate the Reset button on the main unit or shut it down from the WebUI.

When turning off the power using the Reset button:
  1. Press and hold the Reset button for more than 5 seconds.
  2. Release the Reset button after both the Status1 LED (green) and Status2 LED (red) start blinking.
  3. The Status1 LED (green) starts blinking and the shutdown process will begin.
  4. When both the Status1 LED (green) and the Status2 LED (red) are off, shutdown is complete. Finally, disconnect the AC adapter.

When turning off the power from the settings web page:
  1. Click "Nano Setting/Network Setting" in "Nano Management".
  2. Click "System Management" on the menu.
  3. Click the "Shutdown" button in System Shutdown.

3-3. What is safe mode?

Safe mode is the state that NetSkateKoban® Nano is in from startup until you log in for the first time. During this time, email notifications and communication blocking actions will not occur. It exists to prevent accidents, such as when a NetSkateKoban® Nano in operation is moved to another segment and all terminals connected to the destination segment violate the whitelist and are blocked.

3-4. Can I operate with safe mode enabled?

If Nano is restarted in the operating network (due to a power outage, etc.) while Safe Mode is set, notifications will not be sent properly even if an unregistered device is connected. Safe Mode is meant to be turned on while Nano is being installed: at the time of initial installation, maintenance, network configuration changes, etc. We assume that Safe Mode will be turned OFF once the segment is finalized, whitelist settings, etc. are completed, and operations start.

3-5. After starting monitoring, we've adjusted settings and finalized locations and whitelists. We're ready to begin communication interference and email notifications. Please advise on any other changes needed.

We recommend unchecking "Safe Mode" on the "Action Settings" screen. It is checked in the initial state, and if Nano is restarted with it checked, all communication interference and email notification actions will be stopped until the administrator accesses the web screen and logs in.

3-6. Please tell me how to obtain the Nano technical support log.

When a customer requests Nano support, we or our agency support may ask the customer to obtain the Nano technical support log. The method to obtain the Nano technical support log is as follows.

  1. Click "Nano Setting/Network Setting" in "Nano Management".
  2. Click "System Management" on the menu.
  3. Click the "Download" button in "Logs Download".

Please note that depending on the size of the logs stored by Nano, it may take several minutes after clicking the "Download" button for the log download to begin.

3-7. Even if you register an IPv6 address in the whitelist, it may be marked as "unregistered".

By default, Windows OS, etc. may use an IPv6 anonymous (temporary) address that is automatically changed periodically. When operating a whitelist with IPv6 addresses, please assign a fixed IP address to the terminal.

3-8. You may not be able to access Nano with Bonjour.

Bonjour uses port 5353/UDP for name resolution. If you are using antivirus software, the software's firewall function may prohibit communication on this port, so please set it to allow communication using the 5353/UDP port.
If you use the Nano with settings to obtain the address from DHCP (default) and start the Nano before connecting the network cable, you may not be able to access it with Bonjour in rare cases. Please check the network cable connection and restart Nano.

3-9. Nano's screen becomes English.

When you access the Nano screen from an iPhone/iPad, the display will be in English instead of Japanese.
We plan to improve this in future releases.

3-11. I can't access Nano from a wirelessly connected device.

With a broadband router that supports wireless LAN, you may need to configure settings to allow communication between devices connected by wire and devices connected to wireless LAN.
Please check whether there is a setting item such as "Wired ⇔ Wireless communication setting" and confirm that it is set to be allowed.
Please also see below.

Q 3-8. You may not be able to access Nano with Bonjour.

3-12. Please tell me how to initialize Nano.

When you initialize the settings, the IP address set on Nano and the NetSkateKoban sensor function setting information will return to their initial state (factory settings).
To initialize the settings, shut down the Nano, then disconnect the AC adapter power cord and Ethernet cable from the Nano to turn the power off.
With the Ethernet cable still disconnected, plug the AC adapter power cord into the Nano and start the Nano startup process.

  • Status1 LED (green): Blinking
  • Status2 LED (red): Off

To initialize, press the Reset button twice before the startup process is completed and the LED (green) lights up. Keep pressing it the second time and do not release it. After a while, LEDs will look like this.

  • Status1 LED (green): Off
  • Status2 LED (red): Blinks for 2 beats and 1 pause

If you release the Reset button in this state, the initialization process will start. LEDs during the initialization process look like this.

  • Status1 LED (green): Off
  • Status2 LED (red): Blinking

* If the LED (green) lights up before you release the Reset button, startup is complete and the initialization process will not be performed.

3-14. I changed the Blocking, Mail and Auto Registration settings in the action settings, but they don't seem to be reflected.

Changes to Blocking, Mail and Auto Registration settings will only take effect on terminals that are detected "after" the changes are made.
To redetect terminals that were already detected when you changed the settings, please do one of the following.

  • Disable Safe Mode and reboot Nano.
  • Disconnect the terminal from the network and reconnect the terminal after the "Terminal Connection Timeout" has elapsed and the terminal information has disappeared from the Detected terminals list.

3-15. I can't solve my Nano problem even after checking the web help and FAQ.

If you are unable to resolve your issue with the Nano by referring to the web help or FAQ, please contact the support desk of the distributor where you purchased the Nano.

3-16. Who should I contact for product inquiries and information about version updates?

Inquiries regarding the product are listed in the "Support Contact" section of the "Support & Upgrade Service Registration Confirmation". Customers who have subscribed to maintenance will be issued a login account to the NetSkate Service Center.
Documentation and software related to the product can be downloaded from the NetSkate Service Center.

3-17. How can I change the email address registered with the NetSkate Service Center?

Please contact the "Support Desk" on the "Support & Upgrade Service Registration Confirmation Form". 

3-18. Which communication port should I use when managing Nano using Nano Manager?

For Nano Manager versions 1.5.0 or higher and Nano versions 3.0.0 or higher, Nano Manager communicates with all managed Nanos using the following destination communication port.

  • 80/TCP (default, can be changed in Nano's "Network Settings" → "HTTP Port")

For other combinations, Nano Manager communicates with all managed Nanos using the following destination communication ports.

  • 80/TCP (default, can be changed in Nano's "Network Settings" → "HTTP Port")
  • 9907/TCP

3-19. If multiple networks are operated on the same broadcast domain (using secondary IP, etc.), is it possible to monitor and block communication with a single Nano?

Yes, it is possible without any problem. However, please note the following points:

  • The maximum number of devices that can be detected simultaneously is 2048, so please do not exceed this limit.
  • Please manually change the "Active Detection" settings according to your network address range.

3-20. Some devices are not detected on networks using "secondary addresses".

This can be improved by adding a range to the "Search Range Settings" in the "Active Detection" settings to include all the IP host address ranges of your network's "Primary Address" and "Secondary Address" and then "Save".

3-21. Is it possible to specify the range of addresses to be detected using Nano when using secondary addresses?

No, Nano does not allow you to specify a range of addresses to be detected and exclude other addresses from being detected.
If a single segment is operated with a mix of "primary address" and "secondary address", all terminals within the segment will be subject to detection.

3-22. Does Nano support TLS 1.2 connections to mail servers?

The following products support TLS 1.2 connections to mail servers.

  • NSK-NANO-BB0AX
  • NSK-NANO-VB0AX
  • NSK-NANO-VB4AX
  • NK4-NANO-WB0AX (version 2.6.3 or higher)

The following products are not supported.

  • NK4-NANO-WB0AX (version 2.6.1 and below)

3-23. I have dual routers and would like to register them on Nano's whitelist. How exactly should I register?

Please register all MAC addresses and IP addresses used in your redundancy method, including virtual ones. (Redundancy methods and details are not supported)

3-24. I checked "Blocking" under "Auto Action" on the "Action Settings" screen and restarted Nano. After that, even if I connect an unregistered terminal, it doesn't seem to block.

  • Your Nano may be running in "Safe Mode".
  • "Safe Mode" is a mode of operation in which no Blocking or Mail actions are performed after the Nano reboots and until an administrator logs in to the Nano WebUI for the first time. This is a function that is turned on at the time of shipment, to reduce accidents such as unintentional blocking when the Nano is accidentally connected to a different network than usual.
  • To disable "Safe Mode", turn off the "Safe Mode" checkbox on the "Action Settings" screen, "Save", and then restart Nano.

3-25. I have installed Nano on my company's internal LAN. If I connect a mobile device or laptop from a network outside the company to the company's internal LAN via VPN, can Nano monitor it?

Devices connected via Layer 3 VPN cannot be monitored.
When making a VPN connection to the company LAN from outside the company using a mobile device or laptop, a Layer 3 VPN is generally used.
In this case, the MAC address of the connected device is not used for communication on the company LAN, so it cannot be monitored by Nano.

3-26. If I use Mobile Hotspot to share my internet connection on a Windows PC that is connected to a network that Nano is monitoring, can Nano monitor other devices that are connected to it?

No, it cannot monitor them.

3-27. Is it possible to remotely manage Nano installed on another network?

Yes, it is possible if you prepare a network connection such as LAN or VPN to enable communication to the IP address set on Nano. In that case, please also make sure that an appropriate "default router" is set for Nano.

3-28. What kind of security event (content) occurs in FortiGate when the action when linking with FortiGate is executed?

The items that can be linked with FortiGate using Nano's "SNMP trap linkage settings" and "Syslog linkage settings" are as follows. Only one of these combinations can be configured and used on a single Nano. (Example: Syslog - fgTrapAvVirus)
For information on the FortiGate functions and settings, please refer to the FortiOS Handbook, the documentation that comes with the FortiGate product.

  • SNMP trap
    1. fgTrapIpsSignature
    2. fgTrapIpsAnomaly
  • Syslog
    1. fgTrapIpsSignature
    2. fgTrapIpsAnomaly
    3. fgTrapAvVirus
    4. fgWebFilter
    5. fgDNSFilter

3-29. The MAC address (same) of L2/L3 switch equipment is detected irregularly in multiple VLANs.

It seems that you are connecting a device that is designed to communicate using a single MAC address for all connected VLANs. In this case, there is nothing particularly abnormal. However, when registering such a device to the ATL based on its MAC address, please register it by specifying all VLANs in which it may communicate, or "All". This avoids actions such as detection and blocking in unexpected VLANs.