Extreme Networks Sentriant AG Software User's Manual page 208
Hide thumbs
Also See for Sentriant AG:
- Installation manual (80 pages) ,
- User manual (422 pages) ,
- Software user's manual (526 pages)
Table of Contents
Advertisement
NAC Policies
innocent until proven guilty - Endpoints assigned to the policy are granted access to the network
■
by default, but they must comply with the policy. After being allowed on the network, all
enabled Tests are performed on the endpoint. It will be quarantined only if it fails a test that
stipulates a quarantine action. By using this trust level, network access is not disrupted unless an
endpoint goes out of compliance, which is useful for NAC policies controlling employee's
endpoints, for example.
blacklisted - Endpoints assigned to the policy will not be granted network access, which is useful
■
for unauthorized or malicious endpoint users.
whitelisted - Endpoints assigned to the policy will always be granted network access. Examples
■
of endpoints that you might want to whitelist include printers, servers, VIP computers, IP
phones, and mobile devices used by employees. To help you organize such endpoints, consider
placing each of these kinds of devices into a separate NAC policy.
5 Select whether to Compliance-test endpoints assigned to the NAC policy.
yes - Enabled compliance Tests will be performed on the endpoints. The test results can be
■
viewed on each endpoint's Endpoint screen (see
no - Compliance tests will not be performed on the endpoints.
■
NOTE
This setting is always set to yes if the Trust level is either guilty until proven innocent or innocent until proven guilty.
6 In Retest frequency, enter how often the endpoints should be tested.
NOTE
This setting is available only if Compliance-test endpoints is set to yes.
NOTE
A lower number ensures higher security, but puts more load on the Sentriant AG enforcement server.
7 Select a NAC policy group in which to include the NAC policy.
8 Select the checkbox labeled This NAC policy is enabled to enable the policy.
When enabled, a NAC policy will be used to determine the access control status of any endpoint that
matches its set of Endpoints.
If disabled, the policy will be disregarded when attempting to assign endpoints to a NAC policy,
which is especially useful when (a) experimenting with policies to determine whether endpoints will
pass particular Tests in the policy or (b) establishing a baseline for policies. In these cases, copy the
policy that has proven to control the network access status of its specified Endpoints to your
satisfaction, using the policy's associated copy link in the NAC policies window, and disable the
copied policy using this setting. Then continue experimenting with the original NAC policy and,
after changing its settings, if it grants access to or quarantines too many or too few matching
208
"Managing Endpoints" on page
Sentriant AG Software Users Guide, Version 5.3
143).
Advertisement
Table of Contents
Related Manuals for Extreme Networks Sentriant AG
Related Products for Extreme Networks Sentriant AG
- Extreme Networks SSA-T8028-0652
- Extreme Networks ExtremeRouting SLX 9850-8
- Extreme Networks SA201
- Extreme Networks ExtremeSwitching SLX 9540
- Extreme Networks ExtremeSwitching SLX 9030-48S
- Extreme Networks ExtremeSwitching SLX9150-48Y-8C-AC-F
- Extreme Networks ExtremeSwitching SLX9150-48XT-6C
- Extreme Networks ExtremeSwitching SLX9250-32C