Broadcast Discovery
The BroadcastDiscovery feature allows you to set an action for broadcast discovery protection rules during a VPN session.
The module creates rules for the following UDP ports: 161, 162, 10161, and 10162.
Port 161: Used by the SNMP manager to send requests to the SNMP agent.
Port 162: Used by the SNMP agent to send asynchronous notifications (traps) to the manager.
Ports 10161 and 10162: Used for encrypted communication with SNMPv3.
Use Cases
In some scenarios, LAN device discovery relies on broadcast traffic. When KillSwitch is enabled, broadcast traffic is blocked, because the KillSwitch blocks all traffic and the Local networks module allows traffic only for unicast addresses of the local networks. Permitting broadcast discovery is recommended when you want to allow traffic to SNMP ports for broadcast discovery but keep the existing protection features active. Blocking is recommended when the KillSwitch is disabled but you want to block broadcast discovery explicitly.
Setting a protection rule
You can control the rule for broadcast discovery only when starting a VPN session (the same as for the Block local networks feature).
Supported values for the rule action are described in the RuleAction enum:
Nothing - doesn't create any rules for the broadcast discovery module
Block - blocks receiving messages to local SNMP ports and sending messages to remote SNMP ports for the remote broadcast IP address
Permit - permits receiving messages to local SNMP ports and sending messages to remote SNMP ports for the remote broadcast IP address
In the code snippet below, the BroadcastDiscovery property of the StartVpnRequest object is set to Block. This instructs the VPN client to block receiving messages to local SNMP ports and sending messages to remote SNMP ports for the remote broadcast IP address (255.255.255.255) while the VPN is active.
var startVpnRequest = new StartVpnRequest()
{
    AccessToken = loginResponse.AccessToken,
    Credentials = getCredentialsResponse.Credentials,
    // Block SNMP broadcast discovery for the duration of this VPN session
    BroadcastDiscovery = RuleAction.Block,
};
var vpnResponse = sdk.StartVpn(startVpnRequest);
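The following is an added example, not SDK code: a small Python model of how the three RuleAction values combine with the KillSwitch and the Local networks module as described under Use Cases, evaluated over constructed sample datagrams. The function names, the sample addresses, the local_nets parameter, and the reading that the rule matches datagrams whose non-local address is 255.255.255.255 in both directions are assumptions made for illustration.

```python
from enum import Enum
from ipaddress import ip_address, ip_network

SNMP_PORTS = {161, 162, 10161, 10162}          # UDP ports listed on this page
LIMITED_BROADCAST = ip_address("255.255.255.255")

class RuleAction(Enum):                        # mirrors the SDK enum's value names
    NOTHING = "Nothing"
    BLOCK = "Block"
    PERMIT = "Permit"

def verdict(direction, peer_ip, local_port, remote_port, action,
            kill_switch, local_nets=()):
    """Return "allow" or "block" for one UDP datagram during a VPN session.

    direction is "in" or "out"; peer_ip is the datagram's non-local address
    (assumed to be 255.255.255.255 for broadcast discovery in both directions).
    local_nets lists the networks the Local networks module permits (assumption).
    """
    peer = ip_address(peer_ip)
    # Inbound datagrams are matched on the local port, outbound on the remote port.
    port = local_port if direction == "in" else remote_port
    if (action is not RuleAction.NOTHING and peer == LIMITED_BROADCAST
            and port in SNMP_PORTS):
        return "allow" if action is RuleAction.PERMIT else "block"
    if not kill_switch:
        return "allow"
    # KillSwitch on: only unicast addresses of permitted local networks pass.
    for net in map(ip_network, local_nets):
        if peer in net and peer != net.broadcast_address:
            return "allow"
    return "block"

def matrix():
    """Verdicts for the sample datagrams under every action/KillSwitch setting."""
    samples = {  # constructed examples, not captured traffic
        "snmp-bcast-out": ("out", "255.255.255.255", 50000, 161),
        "trap-bcast-in": ("in", "255.255.255.255", 162, 50000),
        "ssdp-bcast-out": ("out", "255.255.255.255", 50000, 1900),
        "snmp-unicast-out": ("out", "192.168.1.20", 50000, 161),
    }
    return {(name, action.value, ks): verdict(*pkt, action, ks, ["192.168.1.0/24"])
            for name, pkt in samples.items()
            for action in RuleAction for ks in (True, False)}

if __name__ == "__main__":
    for key, result in sorted(matrix().items()):
        print(key, result)
```

In this model, Permit with the KillSwitch enabled opens only broadcast traffic on the four SNMP ports; a broadcast to any other port, such as 1900, stays blocked.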