Extreme Networks Sentriant AG Software User's Manual page 375

Sentriant AG Software Users Guide, Version 5.3
Troubleshooting Quarantined Endpoints

Table 18: Troubleshooting Quarantined Endpoints (continued)

Enforcement Mode: Inline / Gateway, VPN split tunnel (multihomed endpoint)

  How endpoints are quarantined and redirected to Sentriant AG:
  Sentriant AG acts as the man-in-the-middle: iptables rewrites packets and forwards traffic to the Sentriant AG system itself. The production network is protected from VPN users by iptables acting as a firewall. VPN users can only get through iptables by becoming compliant with a Sentriant AG policy, after which a hole is opened for their VPN IP address.
  NOTE: In this configuration, the user has to try to access an internal site in order to be redirected to Sentriant AG (unless they have the Sentriant AG Agent installed).

  How quarantined endpoints reach accessible devices:
  No need to allow public sites (the endpoint can get there directly, without going through the VPN and Sentriant AG). iptables does NOT rewrite traffic destined for (internal) IP addresses in Quarantine/guest resources. The names listed in Quarantine/guest resources are not used.

Enforcement Mode: Inline / Gateway, VPN not split tunnel (all traffic through VPN)

  How endpoints are quarantined and redirected to Sentriant AG:
  Sentriant AG acts as the man-in-the-middle: iptables rewrites packets and forwards traffic to the Sentriant AG system itself. The production network is protected from VPN users by iptables acting as a firewall. VPN users can only get through iptables by becoming compliant with a Sentriant AG policy, after which a hole is opened for their VPN IP address.

  How quarantined endpoints reach accessible devices:
  iptables(?) does NOT rewrite traffic destined for IP addresses in Quarantine/guest resources. The names listed in Quarantine/guest resources are not used.

NOTES:
(*) The gateway does not have to be in the broadcast domain (which is good, since the netmask gives the endpoint no real broadcast domain), as long as it is in the same (Layer 2) subnet—the router will get you there.
(**) Allowing access to the Internet is up to the customer, but it is necessary for access to any IP addresses in Quarantine/guest resources (System configuration>>Cluster setting defaults area>>Quarantine/guest resources).
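As an added illustration (not Sentriant AG's own rules or code), the following Python model reproduces the first-match decision the table describes for VPN endpoints: a compliant VPN address gets its hole, traffic to IP entries in Quarantine/guest resources is not rewritten, names in that list are ignored, a split-tunnel endpoint reaches public sites on its own, and everything else from the VPN pool is rewritten to the Sentriant AG host. The Sentriant AG address, VPN pool, internal range and resource list are constructed sample values, and the rendered iptables rules are only there to show why the exemptions must precede the catch-all DNAT.

```python
from ipaddress import ip_address, ip_network

# Constructed sample configuration (assumed values, not taken from the manual).
SENTRIANT_AG = ip_address("10.0.0.5")      # host that rewritten traffic is sent to
VPN_POOL = ip_network("172.16.0.0/16")      # addresses assigned to VPN endpoints
INTERNAL = ip_network("10.0.0.0/8")         # production network behind iptables
# Quarantine/guest resources as an admin might list them; names are not used here.
QUARANTINE_RESOURCES = ["10.0.0.53", "10.0.1.0/24", "patches.example.internal"]


def resource_networks(entries):
    """Keep only entries that parse as an IP address or network; hostnames are
    skipped, matching the table's note that listed names are not used."""
    nets = []
    for entry in entries:
        try:
            nets.append(ip_network(entry, strict=False))
        except ValueError:
            pass  # a hostname entry: ignored in these enforcement modes
    return nets


def decide(src, dst, compliant, split_tunnel):
    """First-match model of the described iptables behaviour for one packet.
    Returns 'direct' (packet never enters the tunnel), 'allow' (forwarded
    unchanged) or 'redirect' (rewritten and forwarded to the Sentriant AG host)."""
    src, dst = ip_address(src), ip_address(dst)
    if src not in VPN_POOL:
        raise ValueError("this model only covers traffic from VPN endpoints")
    if split_tunnel and dst not in INTERNAL:
        return "direct"      # multihomed endpoint reaches public sites by itself
    if src in {ip_address(c) for c in compliant}:
        return "allow"       # the hole opened for a compliant VPN IP address
    if any(dst in net for net in resource_networks(QUARANTINE_RESOURCES)):
        return "allow"       # traffic to Quarantine/guest resources is NOT rewritten
    return "redirect"        # everything else is rewritten to Sentriant AG


def nat_rules(compliant):
    """Render the same ordering as iptables nat/PREROUTING rules: compliant
    holes and resource exemptions first, then the catch-all DNAT."""
    rules = [f"-A PREROUTING -s {ip} -j ACCEPT" for ip in compliant]
    rules += [f"-A PREROUTING -s {VPN_POOL} -d {net} -j ACCEPT"
              for net in resource_networks(QUARANTINE_RESOURCES)]
    rules.append(f"-A PREROUTING -s {VPN_POOL} -j DNAT --to-destination {SENTRIANT_AG}")
    return rules
```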