Firewall Settings; Managed Endpoints; Unmanaged Endpoints; Allowing The Windows Rpc Service Through The Firewall - HP 800 User Manual

Firewall Settings

NAC 800 can perform tests through firewalls on both managed and unmanaged
endpoints.

Managed Endpoints

Typically, a managed endpoint's firewall is controlled with the Domain Group
Policy for Windows, or a central policy manager for other firewalls. In this
case, the network administrator opens up the agent port or agentless ports
only to the NAC 800 server using the centralized policy.
If the Domain Group Policy is not used for Windows endpoints, the appropri-
ate ports are opened during the agent installation process by the NAC 800
installer.

Unmanaged Endpoints

For unmanaged endpoints, the NAC Agent and the ActiveX control test
methods automatically open the necessary ports for testing.
End-users connecting with Windows XP, but a non-SP2 firewall (such as
Norton) must configure that firewall to allow connection to NAC 800 on port
1500, or the installation of the agent fails.
Allowing the Windows RPC Service Through the
Firewall
If end-users enable the XP SP2 Professional firewall, they need to change the
configuration to allow the agentless testing.
TIP:
These firewall configuration methods can be configured using the Windows
Group policy and pushed out to all users of a Windows domain.
The following method is the recommended method:
To configure the Windows XP Professional firewall to allow the RPC service
to connect:
Windows>>Start>>Settings>>Control Panel>>Windows Firewall>>Advanced
tab>>Settings button
End-user Access

Firewall Settings

5-9