Tanium™ Console 7.3 User Guide

PDF 7.3
PDF 7.2
  • All Files
Documentation Home > Tanium Console User Guide

Configuring client subnets

The client subnet configuration affects how Tanium™ Clients peer with each other. Before making changes, be sure you understand the default behavior and the impact of your changes. See Configuring Tanium Client Peering.

The Tanium™ Server stores subnet settings in configuration files on its host computer and does not automatically synchronize the settings with its high availability (HA) peer. If you change these settings in HA deployments, perform the procedure on both Tanium Servers.

Only users assigned the Administrator reserved role can see and use the Configuration pages, including the Subnets Configuration for Client Peering page.

Configure separated subnets

Tanium Clients can peer only with neighbors that are within the same separated subnet, not outside it. Configure a subnet for each neighborhood of Tanium Clients that must peer only with each other.

  1. Go to Configuration > Tanium Server > Subnets.
  2. Enter each Separated Subnet in CIDR format (such as 192.168.2.0/24). Tanium Core Platform 7.3 and later supports IPv6 subnets (consult your TAM), which you must enter within square brackets followed by the prefix (such as [2001:db8::]/32).

    3. Note: Use either the ; or # character at the beginning of a line or immediately following an entry to add optional comments or documentation.

  3. Save your changes.

It takes up to four hours for Tanium Clients to register and receive an updated peer list (registration reset interval).

Configure isolated subnets

Because network communication between VPN clients has significantly greater latency than a client-to-server connection, configure an isolated subnet for each VPN client to prevent peering between them.

  1. Go to Configuration > Tanium Server > Subnets.
  2. Enter each Isolated Subnet in CIDR format (such as 192.168.2.0/24). Tanium Core Platform 7.3 and later supports IPv6 subnets (consult your TAM), which you must enter within square brackets followed by the prefix (such as [2001:db8::]/32).

    3. Note: Use either the ; or # character at the beginning of a line or immediately following an entry to add optional comments or documentation.

  3. Save your changes.

It takes up to four hours for Tanium Clients to register and receive an updated peer list (registration reset interval).

Last updated: 3/15/2019 3:19 PM | Feedback