3-1. Please tell me the specifications of the LED on the Nano's top panel.
There are two LEDs on the top panel of Nano (NSK-NANO-BB0AX) and Nano(V) (NSK-NANO-VB0AX, NSK-NANO-VB4AX).
The "Status 1" LED on the left is green, and the "Status 2" LED on the right is red.
The LEDs indicate the following operations depending on their lighting status.
|
Status1 LED (green) |
Status2 LED (red) |
Operating status |
Startup |
■On |
■On |
System initializing |
■■Blinking |
■off |
Sensor function startup processing |
■■Blinking |
■On |
Fatal Error during the sensor function startup process |
Running |
■On |
■Off |
Operating normally |
Shutdown |
■■■Blinking |
■■■Blinking |
Recognises that the Reset button has been pressed |
■■■Blinking |
■Off |
Shutdown processing |
■Off |
■Off |
Shutdown completed
(The AC adaptor can be safely disconnected) |
Initialize |
■Off |
■■■Blinking |
Recognises that the Reset button has been pressed twice |
■Off |
■■Blinking |
Initialization in progress (automatic reboot after completion) |
Update |
■■blinking |
■On |
Firmware update failed
(only lights on for 60 seconds) |
3-2. Please tell me how to turn off the Nano.
To turn off NetSkateKoban® Nano, operate the Reset button on the main unit or shut it down from the WebUI.
When turning off the power using the Reset button:
- Press and hold the Reset button for more than 5 seconds.
- Release the Reset button after both the Status1 LED (green) and Status2 LED (red) starts blinking.
- The Status1 LED (green) starts blinking and the shutdown process will begin.
- When both the Status1 LED (green) and the Status2 LED (red) are off, shutdown is complete. Finally, disconnect the AC adapter.
When turning off the power from the settings web page:
- Click "Nano Setting/Network Setting" in "Nano Management".
- Click "System Management" on the menu.
- Click the "Shutdown" button in System Shutdown.
3-3. What is safe mode?
Safe mode is the mode that NetSkateKoban® Nano is in after it is started until you log in for the first time. During this time, email notifications and communication blocking actions will not occur. This is a mode to prevent accidents such as when moving NetSkateKoban® Nano in operation to another segment, all terminals connected to the destination segment violate the whitelist and are blocked.
3-4. Can I operate with safe mode enabled?
If the Nano is restarted due to a power outage, etc. in the operating network, and safe mode is set, no notification will be sent properly even if an unregistered device is connected. At the time of initial installation, maintenance, network configuration changes, etc., Safe Mode is turned on and Nano is installed. We assume that Safe Mode will be turned OFF when the segment is finalized, whitelist settings, etc. are completed, and operations start.
3-5. After starting monitoring, we've adjusted settings and finalized locations and whitelists. We're ready to begin communication interference and email notifications. Please advise on any other changes needed.
We recommend unchecking "Safe Mode" on the "Action Settings" screen. It is checked in the initial state, and if he restarts Nano with it checked, all communication interference and email notification actions will be disabled until the administrator accesses her web screen and logs in. It will be stopped.
3-6. Please tell me how to obtain the Nano technical support log.
When a customer requests Nano support, we or our agency support may ask the customer to obtain the Nano technical support log. The method to obtain the Nano technical support log is as follows.
- Click "Nano Setting/Network Setting" in "Nano Management".
- Click "System Management" on the menu.
- Click the "Download" button in "Logs Download".
Please note that depending on the size of the logs stored by Nano, it may take several minutes after clicking the "Download" button for the log download to begin.
3-7. Even if you register an IPv6 address in the whitelist, it may be marked as "unregistered".
By default, Windows OS, etc. may use an IPv6 anonymous (temporary) address that is automatically changed periodically. When operating a whitelist with IPv6 addresses, please use it with a fixed IP attached.
3-8. You may not be able to access Nano with Bonjour.
Bonjour uses port 5353/UDP for name resolution. If you are using antivirus software, the software's firewall function may prohibit communication on this port, so please set it to allow communication using the 5353/UDP port.
If you use the Nano with settings to obtain the address from DHCP (default) and start the Nano before connecting the network cable, you may not be able to access it with Bonjour in rare cases. Please check the network cable connection and restart Nano.
3-9. Nano's screen becomes English.
When you access the Nano screen from an iPhone/iPad, the display will be in English instead of Japanese.
We plan to improve this in future releases.
3-11. I can't access Nano from a wirelessly connected device.
With a broadband router that supports wireless LAN, you may need to configure settings to allow communication between devices connected by wire and devices connected to wireless LAN.
Please check whether there is a setting item such as "Wired ⇔ Wireless communication setting" and confirm that it is set to be allowed.
Please also see below.
Q 3-8. You may not be able to access Nano with Bonjour.
3-12. Please tell me how to initialize Nano.
When you initialize the settings, the IP address set on Nano and the NetSkateKoban sensor function setting information will return to their initial state (factory settings).
To initialize the settings, shut down the Nano, then disconnect the AC adapter power cord and Ethernet cable from the Nano to turn the power off.
With the Ethernet cable still disconnected, plug the AC adapter power cord into the Nano and start the Nano startup process.
- Status1 LED (green): Blinking
- Status2 LED (red): Off
To initialize, press the Reset button twice before the startup process is completed and the LED (green) lights up. Keep pressing it the second time and do not release it. After a while, LEDs will look like this.
- Status1 LED (green): Off
- Status2 LED (red): Blinks for 2 beats and 1 pause
If you release the Reset button in this state, the initialization process will start. LEDs during the initialization process look like this.
- Status1 LED (green): Off
- Status2 LED (red): Blinking
* If the LED (green) lights up before you release the Reset button, startup is complete and the initialization process will not be performed.
3-14. I changed the Blocking, Mail and Auto Registration settings in the action settings, but they don't seem to be reflected.
Changes to Blocking, Mail and Auto Registration settings will only take effect on terminals that are detected "after" the changes are made.
To redetect terminals that were already detected when you changed the settings, please do one of the following.
- Disable Safe Mode and reboot Nano.
- Disconnect the terminal from the network and reconnect the terminal after the "Terminal Connection Timeout" has elapsed and the terminal information has disappeared from the Detected terminals list.
3-15. I can't solve my Nano problem even after checking the web help and FAQ.
If you are unable to resolve your issue with the Nano by referring to the web help or FAQ, please contact the support desk of the distributor where you purchased the Nano.
3-16. Who should I contact for product inquiries and information about version updates?
Inquiries regarding the product are listed in the "Support Contact" section of the "Support & Upgrade Service Registration Confirmation". Customers who have subscribed to maintenance will be issued a login account to the NetSkate Service Center.
Documentation and software related to the product can be downloaded from the NetSkate Service Center.
3-17. How can I change the email address registered with the NetSkate Service Center?
Please contact the "Support Desk" on the "Support & Upgrade Service Registration Confirmation Form".
3-18. Which communication port should I use when managing Nano using Nano Manager?
For Nano Manager versions 1.5.0 or higher and Nano versions 3.0.0 or higher, Nano Manager communicates with all managed Nanos using the following destination communication port.
- 80/TCP (default, can be changed in Nano's "Network Settings" → "HTTP Port")
For other combinations, Nano Manager communicates with all managed Nanos using the following destination communication ports.
- 80/TCP (default, can be changed in Nano's "Network Settings" → "HTTP Port")
- 9907/TCP
3-19. If multiple networks are operated on the same broadcast domain (using secondary IP, etc.), is it possible to monitor and block communication with a single Nano?
Yes, it is possible without any problem. However, please note the following points:
- The maximum number of devices that can be detected simultaneously is 2048, so please do not exceed this limit.
- Please manually change the "Active Detection" settings according to your network address range.
3-20. Some devices are not detected on networks using "secondary addresses".
This can be improved by adding a range to the "Search Range Settings" in the "Active Detection" settings to include all the IP host address ranges of your network's "Primary Address" and "Secondary Address" and then "Save".
3-21. Is it possible to specify the range of addresses to be detected using Nano when using secondary addresses?
No, Nano does not allow you to specify a range of addresses to be detected and exclude other addresses from being detected.
If a single segment is operated with a mix of "primary address" and "secondary address", all terminals within the segment will be subject to detection.
3-22. Does Nano support TLS 1.2 connections to mail servers?
The following products support TLS 1.2 connections to mail servers.
- NSK-NANO-BB0AX
- NSK-NANO-VB0AX
- NSK-NANO-VB4AX
- NK4-NANO-WB0AX (version 2.6.3 or higher)
The following products are not supported.
- NK4-NANO-WB0AX (version 2.6.1 and below)
3-23. I have dual routers and would like to register them on Nano's whitelist. How exactly should I register?
Please register all MAC addresses and IP addresses used in your redundancy method, including virtual ones. (Redundancy methods and details are not supported)
3-24. I checked "Blocking" under "Auto Action" on the "Action Settings" screen and restarted Nano. After that, even if I connect an unregistered terminal, it doesn't seem to block.
- Your Nano may be running in "Safe Mode".
- "Safe Mode" is a mode of operation in which no Blocking or Mail actions are performed after the Nano reboots and until an administrator logs in to the Nano WebUI for the first time. This is a function that is turned on at the time of shipment, to reduce accidents such as unintentional blocking when the Nano is accidentally connected to a different network than usual.
- To disable "Safe Mode", turn off the "Safe Mode" checkbox on the "Action Settings" screen, "Save", and then restart Nano.
3-25. I have installed Nano on my company's internal LAN. If I connect a mobile device or laptop from a network outside the company to the company's internal LAN via VPN, can Nano monitor it?
Devices connected via Layer 3 VPN cannot be monitored.
When making a VPN connection to the company LAN from outside the company using a mobile device or laptop, a Layer 3 VPN is generally used.
In this case, the MAC address of the connected device is not used for communication on the company LAN, so it cannot be monitored by Nano.
3-26. If I use Mobile Hotspot to share my internet connection on a Windows PC that is connected to a network that Nano is monitoring, can Nano monitor other devices that are connected to it?
No, it can not monitor.
3-27. Is it possible to remotely manage Nano installed on another network?
Yes, it is possible if you prepare a network connection such as LAN or VPN to enable communication to the IP address set on Nano. In that case, please also make sure that an appropriate "default router" is set for Nano.
3-28. What kind of security event (content) occurs in FortiGate when the action when linking with FortiGate is executed?
The items that can be linked with ForitiGate using Nano's "SNMP trap linkage settings" and "Syslog linkage settings" are as follows. Only one of these combinations can be configured and used on a single Nano. (Example: Syslog - fgTrapAvVirus)
For information on the FortiGate functions and settings, please refer to the FortiOS Handbook, the documentation that comes with the FortiGate product.
- SNMP trap
-
- fgTrapIpsSignature
- fgTrapIpsAnomaly
- Syslog
-
- fgTrapIpsSignature
- fgTrapIpsAnomaly
- fgTrapAvVirus
- fgWebFilter
- fgDNSFilter
3-29. The MAC address (same) of L2/L3 switch equipment is detected irregularly in multiple VLANs.
It seems that you are connecting a device that is designed to communicate using a single MAC address for all connected VLANs. In this case, there is nothing particularly abnormal. However, when registering such a device to the ATL based on its MAC address, please register by specifying all VLANs that may communicate, or "All". It is possible to avoid actions such as detection and blocking in unexpected VLANs.