Novell ZENWORKS NETWORK ACCESS CONTROL 5.0 - 09-22-2008 User Manual page 207

NOTE: In DHCP mode, if an endpoint with an unsupported OS already has a DHCP-assigned
IP address, Novell ZENworks Network Access Control cannot affect this endpoint in any way
until the lease on the existing IP address for that endpoint expires. If an endpoint with an
unsupported OS has a static IP address, Novell ZENworks Network Access Control cannot
affect this endpoint in any way. In both of these cases, the System Monitor window may show
the quarantined icon next to these endpoints; however, if you hover your mouse over the red
circle, the actual status shows that the endpoint should be quarantined, but the quarantine action
was unsuccessful.
IMPORTANT: Allowing untested endpoints on your network contains risks. See
"Untestable Endpoints and DHCP Mode," on page 222
NOTE: A security best practice is to not allow unsupported operating systems (untested
endpoints) on your network. It is more secure to allow untested endpoints access to your
network on a case-by-case basis by adding them to the System
configuration>>Exceptions>>Whitelist window.
7 In the Retest frequency area, enter how frequently Novell ZENworks Network
Access Control should retest a connected machine.
TIP: A lower number ensures higher security, but puts more load on the Novell ZENworks
Network Access Control server.
8 In the Inactive endpoints area, enter how long an end-user can be inactive before
they are quarantined. To allow end-users to remain connected indefinitely select never
quarantine inactive endpoints.
9 Click the Domains and endpoints menu option to open the Domains and
endpoints window, shown in the following figure:
Add a NAC Policy, Domains and Endpoints
Figure 6-7
10 Click on a cluster name.
11 Enter the names of Windows domains to be tested by this cluster for this NAC policy, separated
by a carriage return.
for more information.
Section 7.7,
NAC Policies 207