About the monitoring mode

In this topic, you will learn what is the Portnox™ Cloud monitoring mode, how it works, and how to use it effectively.

The monitoring mode is a feature in Portnox Cloud that applies to NAS devices. You can turn it on either for a specific NAS device or for all newly connecting NAS devices. When monitoring mode is on for a specific NAS device, user devices trying to connect through that NAS will have access granted. However, if there are issues with the user device configuration, Cloud will still generate alerts to inform you of these problems. The alerts may appear as if Cloud denied access, but it actually granted it because the device is in monitoring mode.

Think of monitoring mode as similar to having a global MAC bypass list. When a user device tries to authenticate using 802.1X and fails, Portnox Cloud checks if the device’s MAC address is on the bypass list. If it is, Cloud allows the device access to the network.

How to use monitoring mode

We recommend using monitoring mode when troubleshooting and when you can’t get user devices to connect. Since organizations often introduce Portnox Cloud directly into a production environment, even when you introduce it incrementally switch by switch, it may cause disruptions.

Here’s how you can use monitoring mode effectively:

  • Start by adding a NAS device accessed by a group of users who won’t be significantly affected if network connections temporarily fail. Set that NAS device to monitoring mode for a specific period, like 24 hours.

  • During the monitoring period, review the user devices trying to connect and fix any alerts related to those devices. Once you are sure that the devices are authenticating correctly, you can turn off monitoring mode for that NAS device.

In urgent cases affecting the entire network, you can turn on the global monitoring mode and manually delete all NAS devices listed on the Devices screen. As soon as a user device tries to connect using any of your NAS devices, Portnox Cloud will automatically add these devices in monitoring mode, and all connections will be successful, letting you troubleshoot large-scale issues without impacting many users.

Considerations and warnings

Be careful when using the global monitoring mode for extended periods, especially with Wi-Fi networks. In this mode, Portnox Cloud will let every device connect to the network, and these devices will be visible on the Devices screen. This can cause a large number of new and unknown devices, for example, if mobile phones use random MAC addresses for privacy. Additionally, anyone within your network’s range trying to connect, even if they are not part of your organization, will also be added to the Devices list and granted network access.

A common issue with this scenario is that the number of devices increases rapidly, potentially exceeding the maximum number of devices allowed by your license. Once you exceed the license allowance, Portnox Cloud will block new devices. Devices that connected earlier, which are not essential or not associated with your organization, may cause legitimate devices to be unable to connect to the network.