Overview
When scanning a range of computers on the network, GFI LanGuard does not perform a scan on all the machines specified in the network range. Some computers are missing from the Scan Results.
This article provides recommendations on how to properly set up the machines for scanning.
Diagnosis
The are several common root causes for the target machines not being scanned by the GFI LanGuard server. They are listed below along with the recommendations on how to address them.
Solution
Offline / Non-Responsive Computers
By default, GFI LanGuard ignores machines on a network that do not respond to ICMP, NetBIOS, or SNMP requests. Such a lack of responses means that the device is either switched off at the time of scanning or that some machine/environment settings disrupt communications and prevent the requests from being processed correctly.
- Make sure all computers you wish to scan are powered on at the time the scan is performed.
- Verify Firewall Ports and Permissions on target machines and that they are reachable from the LanGuard server either by ping, SNMP, or NetBIOS requests.
- Ensure that the appropriate scanner options in the Scanning Profile's Network Discovery properties are enabled:
- Open the GFI LanGuard console and go to the Configuration tab.
- Expand Scanning Profiles and choose the appropriate profile used for the scan having issues.
- Go to Edit this Profile > Scanner Options.
- Ensure that only the required Network Discovery methods are enabled. For example, if the computers are configured to ignore ICMP packets or ping, disable the Ping Sweep option.
- For the slow environment, increase the Network Discovery Query Responses Timeout value under the Network Discovery Options section. The default is 500ms.
Note: LanGuard can be configured to try and scan the machine even if it is detected as non-responsive. This can be configured in the Network Discovery Options by selecting to include non-responsive computers.
Licensing
When scanning a range of computers, it is essential that GFI LanGuard has sufficient licenses available to save all Scan Results in the database. If the scan has more new targets than licenses available, GFI LanGuard will stop scanning as soon as all licenses are consumed.
NOTE: If the database already contains a previous Scan Result for a particular computer, an additional license is not required anymore for that computer during future scans.
The current license status can be checked in the GFI LanGuard Console > Configuration > General > Licensing.
Note: If you are near or at the license limit you must free up licenses in order to scan more computers.
IP Range Count
it is important to understand how IP ranges are interpreted by the GFI Languard, since the confusion here may lead to machines being out of scanning range.
When providing GFI LanGuard with a text file containing IP address ranges to be scanned, GFI LanGuard interprets the ranges in the following manner:
IP address range: 172.16.2.1 - 172.16.3.50
GFI LanGuard interprets this as the next two ranges:
172.16.2.1-172.16.2.50
172.16.3.1-172.16.3.50
GFI LanGuard does not interpret this as the following two ranges:
172.16.2.1-172.16.2.254
172.16.3.1-172.16.3.50
NOTE: All machines outside the address range above are not scanned by GFI LanGuard.
Testing
Once the root cause is found and addressed, the GFI LanGuard should be able to scan all target machines specified in the network.