Hello everyone,
Been looking through the forums here and googled alot but can’t find a single answer to my question.
We have a scenario where we want to scan a single server subnet from different client subnets on a recurring basis. 99% of all cases I’ve seen examples of are in the form of one VM on a subnet scanning other subnets and not the other way around.
We could set up a master-slave setup with multiple slaves but this would be very resource ineffective.
Is it possible to achieve this with a single instance VM instead given that it is equipped with the sufficient network adapters despite that you can only set one global gateway and that I can’t find any routing settings for next-hops anywhere in the configuration nor can I find any way of using separate gateways depending on what interface the scan is made from.
In linux in general, this is quite simple using source routing but from GSM’s point of view, I see no easy way of achieving this in GSM through it’s built-in config settings.
Hi Conny. Tghis setup is indeed one that I would try to solve with a Master-Sensor-Setup. If you want to make this work with the one virtual interface of a CE, maybe set up different routes for the physical interfaces of the VM-host and switch the bridged interfaces between the scans?
Indeed going the Master-Sensor route is the easy way out but VERY resource ineffective due to that I need at least 10 probes.
Considering the ram this will take per sensor running full scans given that the network that needs to be scanned is a /22 packed with servers and devices, it would be much more resource efficient bumping one single OpenVAS appliance to 32gb+ ram and more cores along with multiple dedicated interfaces on separate vlans in VMware with separate routing tables for each interface instead of having 10+ Sensors with i.e. 24gb+ of ram each.
As the OpenVAS appliance is running Debian, accomplishing a multi-routing table setup is not a problem and fairly easy. I’m only surprised that this is not available out-of-the box.
I can hardly be alone facing this kind of scenario as scanning i.e. a server network from multiple origins is as common as scanning multiple client networks from a single origin.