Deploying Novell Zenworks Network Access Control Inline - Novell ZENWORKS NETWORK ACCESS CONTROL 5.0 - INSTALLATION GUIDE 09-22-2008 Installation Manual

Multiple-server Installation, Quarantine Method, DHCP
Figure 1-4
1.1 Deploying Novell ZENworks Network Access
Control Inline
The ES's position in the network is between the endpoints and the rest of the network; acting as a
gateway and only allowing endpoints access to network resources that have met the necessary
security requirements. Novell ZENworks Network Access Control uses two network interfaces to
bridge traffic between endpoints and the rest of the network. Novell ZENworks Network Access
Control uses a high-speed, Layer 2 bridge; network IP address changes are not required. Since
Novell ZENworks Network Access Control itself denies endpoints access to the network, policy
enforcement using internal routers, switches, or other endpoints is not required.
Novell ZENworks Network Access Control utilizes a pass-through authentication feature that
allows it to work with any virtual private network (VPN), remote access server (RAS), and network
authentication protocol or directory.
By default, an onboard firewall blocks all traffic from endpoints. Novell ZENworks Network
Access Control allows network access to only successfully tested endpoints (or when there is a grace
period for failed tests). When a test or tests pass, Novell ZENworks Network Access Control inserts
rules into the onboard firewall to allow all traffic from the endpoint. Novell ZENworks Network
Access Control uses a proprietary method to uniquely identify each endpoint as it connects to the
network, and does not install cookies or software on the end-user's endpoint.
NOTE: When the MS and ES are installed on the same server (single-server Installation), that
server's position in the network must be between the endpoints and the rest of the network.
Deployment Flexibility 11