Disable Discovery of Attached Prefix

Started by celerityjbd, March 02, 2021, 01:26:13 AM


celerityjbd

Hello. I manually added an edge router that peers into an IX, and NetXMS is discovering via ICMP (and trying to poll via SNMP) all the devices which are on the same L2 as my router in the IX peering network. I recognize this is by design, but in this case, I need to exclude this subnet from being discovered in any way. Is this possible?

celerityjbd

I think I may have figured it out. I had set Network Discovery to Active and Passive, but Discovery Filter was set to "No filtering". I set it to "Accept node if it's within given range" and added prefixes to the Address Filters list.
Is this the right way to limit passive discovery?

Zebble

We have the same issue, but we use a lot of Zones with Proxy Nodes and a lot of overlapping subnets, so using the "Accept node if it's within given range" can be cumbersome to manage. The only way I found so far to prevent scanning in our case is to add firewall rules on the edge device that prevent connectivity and scanning to that subnet from the proxy node.

If there's a better way to do this, I'm all ears!

Victor Kirhenshtein

For zoned environments, probably the only way is to use a filtering script that will check allowed ranges per zone. Mapping tables or custom attributes on zone objects can be used to store allowed or forbidden ranges.
But in general I think we need per-zone address range filters, probably implemented as zone object properties.

Best regards,
Victor
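
The per-zone range check described in the reply above, as an added example that is not part of the original thread and is not NetXMS code: it models the accept/reject decision in Python rather than NXSL. The zone UINs, address ranges and the names `RAW_POLICY`, `compile_policy` and `accept_node` are all constructed for illustration.

```python
import ipaddress

# Constructed sample policy keyed by zone UIN. 10.0.0.0/24 exists in zones 1
# and 2 (overlapping subnets); 203.0.113.0/24 stands in for the IX peering LAN.
RAW_POLICY = {
    0: {"allow": [], "deny": ["203.0.113.0/24"]},
    1: {"allow": ["10.0.0.0/24"], "deny": []},
    2: {"allow": ["10.0.0.0/24", "10.0.1.0/24"], "deny": ["10.0.0.128/25"]},
}


def compile_policy(raw):
    """Parse CIDR strings once so each candidate check is a cheap lookup."""
    compiled = {}
    for zone, rules in raw.items():
        compiled[zone] = {
            kind: [ipaddress.ip_network(cidr) for cidr in rules.get(kind, [])]
            for kind in ("allow", "deny")
        }
    return compiled


def accept_node(policy, zone_uin, address):
    """Return True if a discovered address may be added in the given zone."""
    rules = policy.get(zone_uin)
    if rules is None:
        return False  # unknown zone: fail closed
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False  # unparseable address: fail closed
    if any(ip in net for net in rules["deny"]):
        return False  # forbidden ranges always win over allowed ones
    if not rules["allow"]:
        return True  # no allow list: everything not forbidden is accepted
    return any(ip in net for net in rules["allow"])


POLICY = compile_policy(RAW_POLICY)
```

Because the lookup is keyed by zone first, the same address can be accepted in one zone and rejected in another, which is the case a single global address filter cannot express.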