Exceptions - Novell ZENWORKS NETWORK ACCESS CONTROL 5.0 - 09-22-2008 User Manual

You do not need to enter the IP address of the Novell ZENworks Network Access Control
server here. If you do, it can cause redirection problems when end-users try to connect. You do
need to add any update server names, such as the ones that provide anti-virus and software
updates. Novell ZENworks Network Access Control ships with many of the default server
names pre-populated, such as windowsupdate.com.
2 Click ok.
The following table provides additional information about accessible services and endpoints.

Table 3-4 Accessible Services and Endpoints Tips

| Topic | Tip |
|---|---|
| Modes and IP addresses | When using inline mode, enter IP addresses rather than domain names. When using DHCP mode, use domain names for sites the user needs to access, such as update servers, and use IP addresses for endpoints that sit behind Novell ZENworks Network Access Control, such as authentication servers. |
| Ranges | Use a hyphen for a range of IP addresses (10.0.16.1-30) and a colon for a range of ports (10.0.16.1:80:90). |
| DHCP server IP address | In inline mode, you might need to specify the DHCP server IP address in this field. |
| Domain controller name | Regardless of where the Domain Controller (DC) is installed, you must specify the DC name on the Quarantine tab in the Quarantine area domain suffix field for each quarantine area defined. |
| DHCP server and Domain controller | In DHCP mode, when your DHCP server and Domain Controller are behind Novell ZENworks Network Access Control, you must specify ports 88, 135 to 159, 389, 1025, 1026, and 3268 as part of the address. If you do not specify a DHCP address, users are blocked. If you specify only the IP address with no port, endpoints are not quarantined, even for failed tests. If your domain controller is not situated behind Novell ZENworks Network Access Control, you must configure your router to allow routes from the quarantine area to your domain controller on ports 88, 135-159, 389, 1025, 1026, and 3268. |
| Windows update server | In inline mode, if an endpoint is quarantined and needs to access the Windows Update server, it is not able to unless you enter 207.46.0.0/16 here. This is because iptables needs an IP address, and would not be able to resolve the default of windowsupdate.com. |

3.17.4 Exceptions

The Exceptions menu option allows you to define the following:
The endpoints and domains that are always allowed access (whitelist)
The endpoints and domains that are always quarantined (blacklist)
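
The rules in Table 3-4 can be checked before a list of accessible-services entries is saved. The following Python linter is an added example, not code from the Novell manual or product: it parses the range syntax the table describes and flags a domain name used in inline mode and a DHCP-mode domain controller entry with no ports or an incomplete port set. The function names, the single-port `host:port` form, IPv4-only parsing, and the sample addresses are assumptions.

```python
import ipaddress
import re

# Ports the table lists for a DHCP server / domain controller behind the NAC server.
DC_PORTS = {88, 389, 1025, 1026, 3268} | set(range(135, 160))
# Constructed sample list (not from the manual); 10.0.16.5 stands in for a DC.
SAMPLE = ["windowsupdate.com", "207.46.0.0/16", "10.0.16.1-30", "10.0.16.5"]

def parse_entry(entry):
    """Split one IPv4/domain entry into (kind, host, ports); ports is empty if none given."""
    host, *pp = entry.strip().split(":")
    if len(pp) > 2:
        raise ValueError(f"too many ':' fields: {entry!r}")
    ports = set()
    if pp:
        lo, hi = int(pp[0]), int(pp[-1])    # host:80 (assumed form) or host:80:90
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port range: {entry!r}")
        ports = set(range(lo, hi + 1))
    rng = re.fullmatch(r"((?:\d+\.){3})(\d+)-(\d+)", host)
    if rng:                                  # 10.0.16.1-30: range on the last octet
        ipaddress.ip_address(rng[1] + rng[2])    # validates the start address
        if not int(rng[2]) <= int(rng[3]) <= 255:
            raise ValueError(f"bad IP range: {entry!r}")
        return "range", host, ports
    if "/" in host:                          # CIDR block such as 207.46.0.0/16
        ipaddress.ip_network(host, strict=False)
        return "cidr", host, ports
    if re.search(r"[A-Za-z]", host):
        return "domain", host, ports
    ipaddress.ip_address(host)               # raises ValueError on a malformed IP
    return "ip", host, ports

def lint(entries, mode, dc_hosts=()):
    """Return (subject, warning) pairs for entries used in 'inline' or 'dhcp' mode."""
    findings = []
    seen = {h: set() for h in dc_hosts} if mode == "dhcp" else {}
    for e in entries:
        kind, host, ports = parse_entry(e)
        if mode == "inline" and kind == "domain":
            findings.append((e, "inline mode needs an IP address, not a domain name"))
        if host in seen:
            if not ports:
                findings.append((e, "no port: endpoints are not quarantined, even for failed tests"))
            seen[host] |= ports
    for h, got in seen.items():
        missing = sorted(DC_PORTS - got)
        if missing:
            findings.append((h, f"missing required ports: {missing}"))
    return findings
```

Calling `lint(SAMPLE, "dhcp", dc_hosts=["10.0.16.5"])` reports both the port-less entry and the missing port set for that host.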