Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/ndr/help/en-us/index.html?contextId=global-settings

Global NDR Settings

If NDR is installed on the appliance, you see the Global NDR Settings section. The following settings are available: VLAN Strip and OS Detection. They're turned off by default.

Global NDR Settings.

VLAN Strip

When you turn VLAN Strip on, it removes the VLAN tag by setting it to 0 in all packet headers. Usually, this is not needed. However, some switch manufacturers tag the packets differently for ingress and egress traffic, causing our NDR packet inspection engine to see a single network communication as two (one for each direction).

OS Detection

OS Detection uses Nmap to detect which operating system a node on the network is running on. However, this feature can cause other security products to generate detections, so it's turned off by default. If you turn this setting on, every two hours, any internal IP address seen on the network is scanned using the following Nmap command: 'nmap -O <ip address>'.