Table of Contents
Advertisement
Quarantined Networks
7
This chapter describes the following general Novell ZENworks Network Access Control quarantine
information:
Section 7.1, "Endpoint Quarantine Precedence," on page 217
Section 7.2, "Using Ports in Accessible Services and Endpoints," on page 218
Section 7.3, "Always Granting Access to an Endpoint," on page 220
Section 7.4, "Always Quarantining an Endpoint," on page 221
Section 7.5, "New Users," on page 221
Section 7.6, "Shared Resources," on page 221
Section 7.7, "Untestable Endpoints and DHCP Mode," on page 222
Section 7.8, "Windows Domain Authentication and Quarantined Endpoints," on page 222
7.1 Endpoint Quarantine Precedence
Endpoints are quarantined in the following hierarchical order:
1 Access mode (normal operation or allow all)
2 Temporarily quarantine for/Temporarily grant access for radio buttons
3 Endpoint testing exceptions (always grant access, always quarantine)
4 Post-connect (external quarantine request)
5 NAC policies
NOTE: In DHCP mode, if an endpoint with an unsupported OS already has a DHCP-assigned IP
address, Novell ZENworks Network Access Control cannot affect this endpoint in any way until the
lease on the existing IP address for that endpoint expires. If an endpoint with an unsupported OS has
a static IP address, Novell ZENworks Network Access Control cannot affect this endpoint in any
way. In both of these cases, the System Monitor window may show the quarantined icon next to
these endpoints; however, if you hover your mouse over the post-connect service icon, the actual
status shows that the endpoint should be quarantined, but the quarantine action was unsuccessful.
7
Quarantined Networks
217
Advertisement
Table of Contents
