Table of Contents
Advertisement
How endpoints are quarantined and
Enforcement Mode
redirected to Novell ZENworks Network
Access Control
802.1X
DHCP server (MS DHCP server, and
so on) gives the endpoint:
ACLs on network devices must be
configured to limit where endpoints on
the quarantine VLAN can go.
Iptables prerouting chains rewrite traffic
coming from quarantine subnets (as
defined in the user interface) and
destined for Novell ZENworks Network
Access Control (due to Novell
ZENworks Network Access Control
DNS) so that:
Novell ZENworks Network Access
Control:80 --> Novell ZENworks
Network Access Control:88
Novell ZENworks Network Access
Control:443 --> Novell ZENworks
Network Access Control:89
Traffic coming from non-quarantine
ranges will not be rewritten, so that
users can get to the Novell ZENworks
Network Access Control user interface
on port 443.
NOTES:
(*) The gateway does not have to be in the broadcast domain (which is good, since the netmask
gives the endpoint on real broadcast domain), as long as it is in the same (Layer 2) subnet—the
router will get you there.
(**) Allowing access to the Internet is up to the customer, but is necessary for access to any IP
addresses in Accessible services (System configuration>>Cluster setting defaults
area>>Accessible services).
Quarantine range IP address
Appropriate netmask for
quarantine subnet
Appropriate default gateway
Novell ZENworks Network Access
Control server's IP as DNS server
(will resolve everything except
Accessible services to the
Novell ZENworks Network Access
Control IP address)
Very low DHCP lease time (~3
minutes)
How quarantined endpoints reach
accessible devices
Novell ZENworks Network Access
Control DNS — As in endpoint
enforcement (for access to names in
Accessible services)
ACLs on the switch prevent
quarantined systems from talking to
production systems, but allow for the
following specific traffic:
Quarantine --> Novell ZENworks
Network Access Control (OK)
Production -?-> Quarantine
(Maybe*)
Quarantine -|-> Production (NO)
Quarantine -?-> Internet
(Maybe**)
Endpoint Activity 155
Advertisement
Table of Contents
Related Manuals for Novell ZENWORKS NETWORK ACCESS CONTROL 5.0 - 09-22-2008
Related Products for Novell ZENWORKS NETWORK ACCESS CONTROL 5.0 - 09-22-2008
- NOVELL ZENWORKS NETWORK ACCESS CONTROL 5.0 - INSTALLATION GUIDE 09-22-2008
- Novell 3.6 05-2008
- Novell Access Manager 3.1 SP 1
- Novell Access Manager 3.1 SP 2
- NOVELL ACCESS MANAGER 3.1 SP1 - AGENT GUIDE
- NOVELL ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER
- NOVELL ACCESS MANAGER 3.1 SP1 - S 11-20-2009
- NOVELL ACCESS MANAGER 3.1 SP1 - SSL VPN SERVER GUIDE 03-17-2010
- NOVELL ACCESS MANAGER 3.1 SP2 - J2EE AGENT GUIDE 2010
- NOVELL ACCESS MANAGER 3.1 SP2 - README 2010
- NOVELL ACCESS MANAGER 3.1 SP2 - SSL VPN USER GUIDE 2010
- Novell Access Manager 3.1 SP2 Beta 1
- NOVELL ACCESS MANAGER 3.1 SP2 BETA 1 - SCENARIOS 2009
- Novell Account Management 2.1
- NOVELL ADMINSTUDIO 9.5
- NOVELL APPARMOR - AND