SANGFOR IAM v2.1 User Manual
33
[Monitored Network Segment List]: Configure the network segments to be monitored.
In order to have the IAM gateway device connecting to the console or the client-updater, the
[IP Address] and [Default Gateway] must be configured and the network cable should
connect to the DMZ interface.
Since bypass-mode IAM gateway mode needs only one network cable to connect the LAN
interface or WAN1 (of the IAM device) to the HUB or mirror port of the switch, IAM
gateway device has no knowledge of which addresses are LAN addresses or which addresses
are WAN addresses, but regards the addresses in the [Monitored Network Segment List] as
LAN addresses. Access data sent to the Internet through these monitored addresses will be
recorded or controlled. However, IAM gateway device will default not to record the access
between two LAN PCs, which means, communication between any of the two addresses in
the [Monitored Network Segment List] will not be monitored.
Also, access data sent to the Internet through the server(s) of the [Monitored Server List] will
be recorded or controlled. Different from [Monitored Network Segment List], the access data
sent by the network segment(s) and passing through the LAN servers will be recorded.
The data irrelevant to the addresses or severs in the above two lists will not be monitored.