Remediation Service; Trustzone-Border - Barracuda Networks NG Network Access Client SP4 Administrator's Manual

List 2–6 Access Control Server - Access Control Server Settings - System Health-Validator – section Referrals
Parameter
VPN Remediation Service IPs
Sync authentication to Trustzone
2.2.2

Remediation Service

List 2–7 Access Control Server - Access Control Server Settings - Remediation Server – section General
Parameter Description
Start Setting to
Remediation
Service
TLS required Set to
security since personal firewall rule sets are transmitted unencrypted over the network.
2.2.3

Trustzone-Border

List 2–8 Access Control Server - Access Control Server Settings - Trustzone-Border – section General
Parameter
Start Border Health-Validator
Trustzone Border IP
Foreign Health Passp. Verification
Allowed Peer Networks
2.2.4 802.1X
List 2–9 Access Control Server - Access Control Server Settings - 802.1X – section 802.1X
Parameter
Start 802.1X Radius Validator
Log Authentications
19 Barracuda NG Network Access Client - Administrator's Guide
Description
Define where the Access Control Service remediation service module is reachable for VPN clients.
Note:
This IP address must not be the same IP address as already used as an Internal or External Remediation
Service IP address.
Example: For the internal Clients the Access Control Service listening socket is on 10.0.8.108 and you want to
have also a remediation service for clients which are connected with VPN.
• Introduce an additional IP address, for example 10.0.8.150 on Virtual Server Layer and insert these
two Bind IPs (10.0.8.108 and 10.0.8.150) in the Access Control Service Configuration.
• Now open the Access Control service settings, scroll down to the VPN Remediation Service IPs and
select the IP Address 10.0.8.150 from the pull-down menu.
Using a Barracuda NG Control Center multiple Access Control Services can reference to the same trustzone.
Already validated clients can be propagated to all Access Control Services sharing the same trustzone
configuration. This also affects gateway firewall authentication. This parameter is only available on a CC.
yes starts the Access Control Server remediation service module.
yes will allow unencrypted downloads from the remediation server. This will increase download velocity, but decrease
Description
Starts the Access Control Service module responsible for trustzone border health state evaluation.
IP address the health validator uses for listening for trustzone border health validations.
Add all foreign health passport verification keys whose health passports should be trusted for this border
trustzone. The Health state of clients with a signed and trusted health passport is revalidated for this
trustzone but their authentication credentials are accepted from the signed cookie.
Only peers from listed networks are allowed to perform trustzone border health validations.
Description
To use 802.1X port authentication configure your 802.1X capable switch to use a RADIUS server with this servers
server IP address. Then set this parameter to Yes.
Log every authentication request, for debugging purposes. (parameter is only visible in Advanced View mode)