Deploying Sentriant Ag Inline; Figure 4: Multiple-Server Installation, Quarantine Method, Dhcp - Extreme Networks AG200 Installation Manual

Deployment Flexibility

Figure 4: Multiple-server Installation, Quarantine Method, DHCP

Deploying Sentriant AG Inline

The ES's position in the network is between the endpoints and the rest of the network; acting as a gateway and
only allowing endpoints access to network resources that have met the necessary security requirements.
Sentriant AG uses two network interfaces to bridge traffic between endpoints and the rest of the network.
Sentriant AG uses a high-speed, Layer 2 bridge; network IP address changes are not required. Since Sentriant AG
itself denies endpoints access to the network, policy enforcement using internal routers, switches, or other
endpoints is not required.
Sentriant AG utilizes a pass-through authentication feature that allows it to work with any virtual private network
(VPN), remote access server RAS), and network authentication protocol or directory.
(
By default, an onboard firewall blocks all traffic from endpoints. Sentriant AG allows network access to only
successfully tested endpoints (or when there is a grace period for failed tests). When a test or tests pass,
Sentriant AG inserts rules into the onboard firewall to allow all traffic from the endpoint. Sentriant AG uses a
proprietary method to uniquely identify each endpoint as it connects to the network, and does not install cookies
or software on the end-user's endpoint.
NOTE
When the MS and ES are installed on the same server (single-server Installation), that server's position in the
network must be between the endpoints and the rest of the network.
13
Sentriant AG Installation Guide, Version 5.0