If you register the information consisting of the "MAC address" or "IP address" of the authorized terminal, and the connected "VLAN ID" (in the case of Nano(V)) in the "whitelist", you can detect any unknown devices that connect to the network as "unregistered devices".

It has whitelist information for determining legitimate terminals, and is used when a terminal is detected. It identifies unauthorized terminals based on the MAC address, IP address, and detected VLAN ID (in the case of Nano(V)) information.

Specifically, the following whitelist information can be registered, and a terminal that does not match any of these will be determined to be an unauthorized terminal.

(1) “MAC address”
　If the MAC address of the detected device matches the registered “MAC address”, it is a legitimate device.

(2) “IP address”
　If the IP address used by the detected device matches the registered “IP address”, it is a legitimate device.

(3) “MAC address and IP address pair”
　If the MAC address and the IP address being used by the detected device match a registered "MAC address and IP address pair," then it is considered a legitimate device.

(4) “Pair of the above information and VLAN ID” (for Nano(V))
　If the information in (1) to (3) matches the VLAN number to which the device is connected, it is a legitimate device.

The upper limit for the number of simultaneous poisoning changes depending on the setting status of "Power Poisoning" on the "Action Settings" screen.

• Up to 15 if enabled
• Up to 25 if disabled

If you use Nano Manager, you can operate multiple Nanos at once.

Customers who have subscribed to maintenance can download it free of charge from the NetSkate Service Center.

Yes, it is available.
The Nano itself can only be connected to a wired network, but by operating the wired network to which the Nano is connected and the wireless LAN as the same broadcast network, wireless LAN devices can also be managed.
For detailed network settings, please refer to the manual for your network device or wireless LAN device.

We support the latest versions of Google Chrome, Microsoft Edge, and Mozilla Firefox.

If the PC running Nano Manager and the Nanos installed at each site can communicate directly using each other's IP addresses, monitoring is possible even if the connection between the sites is a VPN.

Yes. It is possible.
By setting your browser's language settings to English, the page will be displayed in English.

Nano is initially set to obtain an address from DHCP.

If your network does not have a DHCP server, addresses will be automatically assigned using a process called APIPA. Therefore, by directly connecting the HUB to a PC that is also configured to obtain an address using DHCP, you can access kobannano.local and make any settings using the steps described in the "Quick Start Guide."

The only supported OS for Nano Manager is Windows 10 (64bit).

• This is possible by starting the Nano Manager, logging in, and continuing to run it without logging out or shutting down.
• If you restart Windows, you will need to log in to Windows again to start and log in to Nano Manager.

On the detected terminal list screen, you can check the following information about the terminal. (*)
　・Detection time
　・Terminal name
　・MAC address [vendor information]
　・IP address (IPv4, IPv6)
    ・VLAN ID [for Nano(V)]
　・Terminal OS

*In some cases, it may not be detected or information that differs from the actual information may be displayed.

Yes. It is possible.
Thanks to the effect of the "Active Detection" function (enabled by default), even terminals that do not perform active communication, such as printers, can be detected with high accuracy.

Yes. Even on the same terminal, it is possible to detect a terminal whose IPv6 interface is ON and interfere with communication. It can also detect and interfere with IPv6 connections used by smartphones, tablets, and Windows devices.

Yes, you can set whether to execute "email" notifications and "poisoning" on the "Action Settings" screen.

　Since the whitelist is empty, all devices will be detected with a status of "unregistered".

　No, poisoning action is set to OFF in the initial state, so poisoning will not start.

Yes. A list of terminal connections can be output for up to two weeks.
You can check not only the presence or absence of a connection, but also the time of the connection, so you can also use it to check for connections at suspicious times or unnecessary connections. Starting from version 2.8, if a device has a large detection history, the old history will also be included in the weekly report.
When used in conjunction with NanoManager, it is possible to generate reports up to 3 months ago.

 No, if you want Nano to manage connections based on MAC addresses, you will need to turn off this feature.

No, after the poisoning ends, it detects that the device is still connected and resumes the poisoning process, so it will not become possible to communicate.

The number of devices that can be monitored simultaneously is as follows for each model.

• NK4-NANO-WB0AX: 1,024 units
• NSK-NANO-BB0AX: 2,048 units
• NSK-NANO-VB0AX/VB4AX: 2,048 units (total of monitored VLANs)

  Up to 20,000 items can be registered to the whitelist.

If you replace the router on the network segment to which Nano is connected, communication interference will occur if the whitelist information corresponding to the new router is not registered.
If you replace the router on the network segment to which Nano is connected, you will need to do one of the following:

•  Register whitelist information for the new router in advance
•  Disable "Communication Interference" on the Nano's "Action Settings" screen, then register the whitelist information for the router in question, and then enable "Communication Interference".

Devices connected beyond the limit will not become unable to connect to the network, but due to Nano's performance, we cannot guarantee the reliability of detection or the response of the settings web page, etc.

Windows/MacOS/Linux/unix/Android/iOS.

Obtain the terminal name with the following priority.
    1. NetBIOS name (If the NetBIOS option is enabled, it is ON by default.)
    2. DNS name (If the DNS settings are configured manually or from DHCP) (Only if set automatically)

The Nano device name is automatically set according to the following priority, so the Nano administrator cannot change it arbitrarily.

1. NetBIOS name (if NetBIOS option is enabled, default is ON)
2. DNS name (only if DNS settings were configured manually or automatically via DHCP)

Yes. It is possible. It has been verified that Nano works properly
by properly configuring the SubGate security switch .

   Verification was performed on the following models. Please contact us for other models.
  　 SubGate:SG1005G
   　NetSkateKoban® Nano: BB0AX

 For devices that exceed the maximum number, communication will not be interfered with and communication will be possible. In this case, "Interfering" will not be displayed in the status of the device in the "List of detected devices".

There is no limit to the size of the monitored network (/24, /16, etc.).

There are two LEDs on the top panel of Nano (NSK-NANO-BB0AX) and Nano(V) (NSK-NANO-VB0AX). The "Status 1" LED on the left is green, and the "Status 2" LED on the right is green. The LED will turn red.

The LEDs indicate the following operations depending on their lighting status.

To turn off NetSkateKoban® Nano, operate the power button on the main unit or turn off the power from the settings web page.
[When turning off the power using the power button]
    1.Press and hold the Reset button for more than 5 seconds. The shutdown process will begin.
    2. Release the Reset button when the Status1 LED (green) starts blinking.
    3.When the Status1 LED (red) flashes, the shutdown is complete. Finally, disconnect the AC adapter.
[When turning off the power from the settings web page]
    1. Click "Sensor Settings" in the upper right corner of the screen
    2. Click "System Management" on the menu screen
    3. Click the "Shutdown" button in System Shutdown

Safe mode is the mode that NetSkateKoban® Nano is in after it is started until you log in for the first time. During this time, email notifications and communication blocking actions will not occur. This is a mode to prevent accidents such as when moving NetSkateKoban® Nano in operation to another segment, all terminals connected to the destination segment violate the whitelist and are blocked.

We recommend unchecking "Safe Mode" on the "Action Settings" screen. It is checked in the initial state, and if he restarts Nano with it checked, all communication interference and email notification actions will be disabled until the administrator accesses her web screen and logs in. It will be stopped.

When a customer requests Nano support, we or our agency support may ask the customer to obtain Nano operation logs. The method to obtain Nano operation logs is as follows.
    1. Click on "Sensor Settings" in the upper right corner of the screen
    2. Click on "System Management" on the menu screen
    3. Click on the "Download" button to obtain the operation log
　Depending on the size of the log saved by Nano, click on the "Download" button After clicking , it may take a few minutes for the log save screen to appear. Please note.

By default, Windows OS, etc. may use an IPv6 anonymous (temporary) address that is automatically changed periodically. When operating a whitelist with IPv6 addresses, please use it with a fixed IP attached. 

   Bonjour uses port 5353/UDP for name resolution. If you are using antivirus software, the software's firewall function may prohibit communication on this port, so please set it to allow communication using the 5353/UDP port.
    If you use the Nano with settings to obtain the address from DHCP (default) and start the Nano before connecting the network cable, you may not be able to access it with Bonjour in rare cases. Please check the network cable connection and restart Nano.

When you access the Nano screen from an iPhone/iPad, the display will be in English instead of Japanese.
We plan to improve this in future releases.  

Nano Manager Ver. 1.2.1 and earlier has a bug that causes this phenomenon to occur if a whitelist containing Japanese characters is updated from both Nano's web management screen and Nano Manager.
 If this occurs, follow the steps below to resolve it, and then either avoid using Japanese in the whitelist information, or centralize the whitelist operation to either Nano's web management screen or Nano Manager. Please do so.

• Download the whitelist from the Nano in Nano Manager
• Please re-upload the downloaded whitelist directly from Nano Manager.

　We plan to improve this in future releases.

With a broadband router that supports wireless LAN, you may need to configure settings to allow communication between devices connected by wire and devices connected to wireless LAN.
Please check whether there is a setting item such as "Wired ⇔ Wireless communication setting" and confirm that it is set to be allowed.
Please also see below. You may not be able to access Nano with Bonjour.

When you initialize the settings, the IP address set on Nano and the NetSkateKoban sensor function setting information will return to their initial state (factory settings).
　When initializing settings, after shutting down, disconnect the AC adapter power cord and Ethernet cable from the Nano, and turn off the power.
　If you connect the power cord of the AC adapter to Nano with the Ethernet cable disconnected, the power will turn on and the startup process will begin. During the startup process, the LED of "Nano" will be as shown below.
Status1 LED (green) Flashing
Status2 LED (red) Off
　To initialize, press the Reset button twice before the startup process is completed and the LED (green) lights up. Keep pressing it the second time and do not release it. After a while, the LED will look like this:
Status1 LED (green) Off
Status2 LED (red) Blinks for 2 beats and 1 pause (beep, beep)
　If you release the Reset button in this state, the initialization process will start. The LED during the initialization process looks like this:
Status1 LED (green) Off
Status2 LED (red) Flashing

*If the LED (green) lights up before you release the Reset button, startup is complete and the initialization process will not be performed.

The detected OS information will not be updated until the Nano is restarted. Please restart and use if necessary. 

Changes to communication interference and email notification settings will only take effect on devices that are detected "after" the changes are made. For devices that were already detected at the time of the setting change, communication interference and email notifications will be sent according to the new settings when the device is detected again after the "time until it is determined to have been terminated" has elapsed.

If you are unable to resolve your issue with the Nano by referring to the web help or FAQ, please contact the support desk of the distributor where you purchased the Nano.

　Inquiries regarding the product are listed in the "Support Contact" section of the "Support & Upgrade Service Registration Confirmation". Customers who have subscribed to maintenance will be issued a login account to the NetSkate Service Center.
Documentation and software related to the product can be downloaded from the NetSkate Service Center.

Please contact the "Support Desk" on the "Support & Upgrade Service Registration Confirmation Form". 

The Nano Manager communicates with all managed Nanos using the following destination communication ports.

• 80/TCP (default, can be changed in Nano's "Network Settings" → "HTTP Port")
• 9907/TCP

Yes, it is possible without any problem. However, please note the following points:

• The maximum number of devices that can be detected simultaneously is 2,048, so please do not exceed this limit.
• Please manually change the "Active Detection" settings according to your network address range.

This can be improved by adding a range to the "Search Range Settings" in the "Active Detection" settings to include all the IP host address ranges of your network's "Primary Address" and "Secondary Address" and then "Save". .

　No, Nano does not allow you to specify a range of addresses to be detected and exclude other addresses from being detected.
If a single segment is operated with a mix of "primary address" and "secondary address", all terminals within the segment will be subject to detection.

• The following products support TLS 1.2 connections to mail servers.
  • NSK-NANO-BB0AX
  • NSK-NANO-VB0AX
  • NSK-NANO-VB4AX
  • NK4-NANO-WB0AX (version 2.6.3 or higher)
• The following products are not supported.
  • NK4-NANO-WB0AX (version 2.6.1 and below)

Please register all MAC addresses and IP addresses used in your redundancy method, including virtual ones. (Redundancy methods and details are not supported)

• Your Nano may be running in "Safe Mode".
• "Safe Mode" is a mode of operation in which no poisoning or email notification actions are performed after the Nano reboots and until an administrator logs in to the admin screen for the first time. This is a function that is turned on at the time of shipment, to reduce accidents such as unintentional poisoning when the Nano is accidentally connected to a different network than usual.
• To disable "Safe Mode", turn off the "Safe Mode" checkbox on the "Action Settings" screen, "Save", and then restart Nano.

　Devices connected via Layer 3 VPN cannot be monitored.
When making a VPN connection to the company LAN from outside the company using a mobile device or laptop, a Layer 3 VPN is generally used.
　In this case, the MAC address of the connected device is not used for communication on the company LAN, so it cannot be monitored by Nano.

No, it can not monitor.

Yes, it is possible if you prepare a network connection such as LAN or VPN to enable communication to the IP address set on Nano. In that case, please also make sure that an appropriate "default router" is set for Nano.

The items that can be linked with ForitiGate using Nano's "SNMP trap linkage settings" and "Syslog linkage settings" are as follows. Only one of these combinations can be configured and used on a single Nano. (Example: Syslog - fgTrapAvVirus)
For information on the FortiGate functions and settings, please refer to the FortiOS Handbook, the documentation that comes with the FortiGate product.

• SNMP trap
  1. fgTrapIpsSignature
  2. fgTrapIpsAnomaly
• Syslog
  1. fgTrapIpsSignature
  2. fgTrapIpsAnomaly
  3. fgTrapAvVirus

It seems that you are connecting a device that is designed to communicate using a single MAC address for all connected VLANs. In this case, there is nothing particularly abnormal. However, when registering such a device to the whitelist based on its MAC address, please register by specifying all VLANs that may communicate, or "all". It is possible to avoid actions such as detection and communication interference in unexpected VLANs.