End-user Access
Firewall Settings
Sentriant AG can perform tests through firewalls on both managed and unmanaged endpoints.
Managed Endpoints
Typically, a managed endpoint's firewall is controlled with the Domain Group Policy for Windows, or a
central policy manager for other firewalls. In this case, the network administrator opens up the agent
port or agentless ports only to the Sentriant AG server using the centralized policy.
If the Domain Group Policy is not used for Windows endpoints, the appropriate ports are opened
during the agent installation process by the Sentriant AG installer.
Unmanaged Endpoints
For unmanaged endpoints, the NAC Agent and the ActiveX control test methods automatically open
the necessary ports for testing.
End-users connecting with Windows XP but using a non-SP2 firewall (such as Norton) must configure that
firewall to allow connection to Sentriant AG on port 1500; otherwise, the installation of the agent fails.
Making Changes to the Firewall
See the following sections for instructions:
● "Allowing the Windows RPC Service through the Firewall" on page 168
● "Allowing Sentriant AG through the OS X Firewall" on page 170
Windows Endpoint Settings
IE Internet Security Setting
If the end-user has their IE Internet security zone set to High, the endpoint is not testable. Using one of
the following options will allow the endpoint to be tested:
● The end-user could change the Internet security to Medium (Tools>>Internet
  options>>Security>>Custom level>>Reset to Medium).
● The end-user could add the IP address of the Sentriant AG server to the Trusted sites zone, and then
  set the Trusted sites zone to Medium.
● The end-user could customize the High setting to allow the options necessary for Sentriant AG to
  test successfully. These options are as follows:
  ■ The NAC Agent test uses ActiveX
  ■ The ActiveX test uses ActiveX
  ■ All of the tests use JavaScript
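The following PowerShell check is an added example, not part of the Sentriant AG guide. It reports whether an IE security zone permits the ActiveX and JavaScript options listed above. The mapping of those options to URL-action values 1200, 1405 and 1400, and the function names, are assumptions made for this example.

```powershell
# Added example, not from the Sentriant AG guide. Assumption: the page's "ActiveX"
# and "JavaScript" requirements map to these IE URL-action values:
#   1200 = Run ActiveX controls and plug-ins
#   1405 = Script ActiveX controls marked safe for scripting
#   1400 = Active scripting (JavaScript)
$ZonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Enabled  = 0    # URL-action data: 0 = enable, 1 = prompt, 3 = disable

function Get-ZoneSettings {
    param([int]$Zone)    # 2 = Trusted sites, 3 = Internet
    $p = Get-ItemProperty -Path "$ZonesKey\$Zone" -ErrorAction Stop
    @{ '1200' = $p.'1200'; '1405' = $p.'1405'; '1400' = $p.'1400' }
}

function Test-NacTestability {
    param([string]$Name, [hashtable]$Settings)
    # "Prompt" is treated as blocked: a test cannot rely on the user clicking Yes.
    $js      = $Settings['1400'] -eq $Enabled
    $activeX = ($Settings['1200'] -eq $Enabled) -and ($Settings['1405'] -eq $Enabled)
    [pscustomobject]@{
        Zone               = $Name
        JavaScriptAllowed  = $js
        ActiveXAllowed     = $activeX
        NacAgentTestUsable = $js -and $activeX   # page: NAC Agent test uses ActiveX
        ActiveXTestUsable  = $js -and $activeX   # page: ActiveX test uses ActiveX
        AnyTestPossible    = $js                 # page: all tests use JavaScript
    }
}

# Constructed sample data shaped like the High and Medium templates.
$samples = [ordered]@{
    'Internet (constructed, High)'   = @{ '1200' = 3; '1405' = 3; '1400' = 3 }
    'Internet (constructed, Medium)' = @{ '1200' = 0; '1405' = 0; '1400' = 0 }
}
$results = @(foreach ($name in $samples.Keys) {
    Test-NacTestability -Name $name -Settings $samples[$name]
})

# On a Windows endpoint, also evaluate the live per-user zones.
if (Test-Path $ZonesKey -ErrorAction SilentlyContinue) {
    $results += Test-NacTestability -Name 'Internet (live)' -Settings (Get-ZoneSettings 3)
    $results += Test-NacTestability -Name 'Trusted sites (live)' -Settings (Get-ZoneSettings 2)
}
$results | Format-Table -AutoSize
```

Zone settings delivered by Group Policy are stored under the Policies hive and take precedence over the per-user key read here.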
Sentriant AG Software Users Guide, Version 5.3