Skip to content

Introduction to Network Control


The Network Control module provides everything that is required to manage and connect modern distributed systems in a network. The ability to drill down to the network settings empowers administrators to design a trustworthy and resilient network architecture. It has advanced configuration options providing the must needed leverage to segregate and segment the network forming the baseline of your network architecture.

Developing a robust strategy to ensure asset management requires full visibility of the IT assets deployed in the network. The advanced capabilities of the network control module allow network monitoring and easy identification of your assets. These assets can also be manually mapped to assign its device name, associated user, and the device type categorization. These data points can be further used to categorize assets for data classification and vulnerability management.

The SD-WAN feature incorporated in the network control module offers the option of secure encrypted VPN tunnelling preventing eavesdropping and malicious interception of communication.

The Crystal Eye XDR works as a DHCP server by default and allows users to manage the DHCP server for all interfaces. The DNS app can be used to implement various DNS related settings that may directly affect availability.

Network Discovery & Asset Identification

The Crystal Eye XDRs Network Mapping application helps organizations to track all inactive and active devices. This tool allows administrators to find asset clusters and map them with device nicknames, users, device types, device MAC address and hostname. Familiarization of these data points play an important role in asset management in ISO 27001:2022

Read about Network Mapping application

Scanning Emails for Viruses and Malware

The Crystal Eye XDR can be configured to act as an SMTP server and scan all incoming and outgoing emails by deploying tailored configurations of the Email Scanning Gateway. The operation modes of the Email Scanning Gateway application are diverse and can run in one of the following 4 operation modes mentioned below.

  • CE XDR as an SMTP Server

  • Custom Relay Host

  • O365 as a Relay Host

  • O365 (OAuth2) as a Relay Host

Read about Email Scanning Gateway application

Managing IT Infrastructure (DHCP Server/DNS Server/Network Settings)

The Crystal Eye XDR is designed to act as a DHCP Server for all devices connected to the network. Static IP addresses can be assigned to devices in the network forming a firm baseline for asset management.

The CE XDR also acts as a DNS server as a part of a wide offering allowing centralized control for all DNS configurations such as DNS forwarding, manual DNS banning and DNS sinkholing. The app also has an enriched DNS reports section providing valuable insights on DNS requests over time(graph), Top request RRNAMES (table), Top Response Data (table), Top DNS servers (table). Top DNS Clients (table), Top Request Types (table), and Top Response Codes (table).

The CE XDR has capabilities to segregate network and implement customized network settings for various interfaces and zones with the help of the Network Settings application. Network segmentation and segregation is a fundamental network strategy that can be implemented to reduce the impact of a possible intrusion. This application can be used to activate LAN interfaces in the network, assign both custom zones to the activated LAN interfaces, assign IP subnet for the LAN and WAN interface, set netmask, alter the WAN settings etc.

Read about DHCP application

Read about DNS application

Read about Network Settings application

Conducting Latency Tests | Monitoring Faults, Availability, and Performance

The Network Diagnostic Tool app provides option to the administrator to access some frequently used networking tools like Ping and Tracepath. The app is built to provide a great deal of networking related information to the administrator. The features of this tool is widely used to find causes of glitches in the network interface. The Network Diagnosis Tool provides enhanced capabilities to Ping which helps to analyse the host and check whether it’s responding. The tracepath feature of the network diagnostic tool is used by Crystal Eye XDR administrators to trace the journey of a data that it undertakes to reach a designated destination.

Read about Network Diagnostic Tool application

Routing Using Crystal Eye XDR

The Crystal Eye XDR facilitates both dynamic routing and static routing. It also allows users to configure multiple WAN connections for failover and load balancing scenarios.

Static routes are typically used when there is a need to direct traffic between two different networks. The Static Routing app is a useful tool for network administrators who want to control the flow of traffic on their corporate networks. Dynamic Routing application offers the ability to recover from routing failures portraying high standards to manage networks that require fault tolerance.

The Multi-WAN feature of the Crystal Eye XDR supports both ISP failover and network load balancing. These extended capabilities ensure mission-critical operations proceed during a ISP disruption enabling organizations to comply with ISO 27002:2022 frameworks control “8.14 Redundancy of Information Processing Facilities”.

Read about Multi-WAN application

Read about Dynamic Routing application

Read about Static Routing application

Connecting Sites and Remote Workers Using Crystal Eye XDRs SD-WAN Tech Stack

Crystal Eye XDRs SD-WAN offers the capability to connect multiple sites and create a VPN mesh architecture using IPsec VPN or Wireguard VPN. In addition to this, it also provides a robust VPN platform for remote access users creating SSL VPN tunnel between a site and single user end-point device such as laptops, desktops, phones and tablets.

The IPsec VPN application has elaborate features that allow users to create custom IPsec VPN policies. These IPsec policies play a vital role in outlining specific recommendations and best practices for securing the IPsec VPN connections.

The encryption methodology configured allows the IPsec tunnel to provide security functions such as ‘privacy’. Some of the other security functions offered by CE XDR’s IPsec VPN provide the required integrity of the content through data authentication. It is imperative to configure a strong cryptography on the IPsec VPN connection so that the tunnel is not at risk and that the data confidentiality is not lost.

The SSL VPN application of the CE XDR is used to create Remote-access VPN connections in full tunnel mode and split-tunnel mode. CE XDR’s SSL VPN application essentially allows users to connect to a remote network behind the CE XDR with the help of secured SSL based connections. The Crystal Eye XDR provides cutting edge technology ensuring smooth connectivity over a VPN network.

The WireGuard application is a modern VPN solution (as compared to SSL VPN) and it utilizes inbuilt state-of-the-art cryptography. Crystal Eye XDR offers the capability to implement site-to-site VPN allowing users to connect to resources placed in multiple sites. The app can be switched to both split-tunnel mode and full tunnel mode to create a secure tunnel between multiple sites.

Read about IPsec VPN application

Read about SSL VPN application

Read about Wireguard application

Wireless Access Point

Crystal Eye XDRs Wireless Access Point application configures and manages wireless network interface on the network. Using this app, the CE XDR administrator can essentially establish a Wi-Fi network which can be used to gain access to the internet using Wi-Fi devices.

Read about Wireless Access Point application