Deploying Novell Zenworks Network Access Control In Vpn Mode On A Different Network - Novell ZENWORKS NETWORK ACCESS CONTROL 5.0 - INSTALLATION GUIDE 09-22-2008 Installation Manual


x is the number of seconds to allow the lights to blink
3. The return values are similar to the following, which also indicates that the connected interface is eth0:

# ethtool eth0
Settings for eth0:
        Supported ports: [ MII ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Half 1000baseT/Full
        Supports auto-negotiation: Yes
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Half 1000baseT/Full
        Advertised auto-negotiation: Yes
        Speed: 100Mb/s
        Duplex: Full
        Port: Twisted Pair
        PHYAD: 1
        Transceiver: internal
        Auto-negotiation: on
        Supports Wake-on: g
        Wake-on: d
        Current message level: 0x000000ff (255)
        Link detected: yes

TIP: In normal operation, Novell ZENworks Network Access Control does not respond to Internet Control Message Protocol (ICMP or ping) echo requests.

1.5 Deploying Novell ZENworks Network Access Control in VPN Mode on a Different Network

When Novell ZENworks Network Access Control is deployed in VPN mode, the eth1 interface on Novell ZENworks Network Access Control is usually connected directly (either by way of a crossover cable, isolated switch, or VLAN) to the LAN-facing side of the VPN concentrator. If the same logical subnet (such as 10.10.0.0/16) is used for Novell ZENworks Network Access Control, the concentrator, and the VPN clients, no modifications need be made.

However, problems can arise if the following conditions are all true:

- Novell ZENworks Network Access Control is in a different logical subnet than that used by the VPN concentrator OR the VPN client endpoints.
- The router on the LAN (eth0) side of Novell ZENworks Network Access Control is configured for best-practices egress filtering, and will not route packets that have a source IP address outside the network segment from which they appear to originate. See the SANS Egress Filtering FAQ (http://www.sans.org/reading_room/whitepapers/firewalls/1059.php) for a more thorough discussion of egress filtering.

The most obvious symptom of this situation is that Novell ZENworks Network Access Control will not be able to redirect endpoint clients (they will get a blank browser page that appears to take forever to load) but the endpoint browser is able to browse directly to https://<Novell ZENworks Network Access Control_IP_Address>:89/ and get tested.
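
The two conditions above can be checked against a planned addressing scheme before deployment. The following Python sketch is an added example, not part of the Novell guide: the function names, every sample address other than 10.10.0.0/16, and the simplification that the LAN router accepts only source addresses inside the eth0 segment are assumptions.

```python
import ipaddress

def outside_segment(segment, addresses):
    """Return the entries of `addresses` (hosts or CIDR pools) that are not
    fully contained in `segment`."""
    seg = ipaddress.ip_network(segment, strict=False)
    foreign = []
    for entry in addresses:
        net = ipaddress.ip_network(entry, strict=False)
        # A pool that only partly overlaps the segment still has clients outside it.
        if net.version != seg.version or not net.subnet_of(seg):
            foreign.append(entry)
    return foreign

def assess(nac_eth0, concentrator, client_pools, egress_filtered):
    """Evaluate the two conditions from section 1.5.

    nac_eth0        -- eth0 address with prefix length, e.g. "10.10.0.5/16"
    concentrator    -- LAN-facing address of the VPN concentrator
    client_pools    -- address pools handed out to VPN clients
    egress_filtered -- True if the eth0-side router drops packets whose source
                       address lies outside the segment (assumed filter model)
    """
    segment = ipaddress.ip_interface(nac_eth0).network
    foreign = outside_segment(str(segment), [concentrator] + list(client_pools))
    return {
        "segment": str(segment),
        "foreign_sources": foreign,               # condition 1: different subnet
        "egress_filtered": egress_filtered,       # condition 2: filtering router
        "redirect_at_risk": bool(foreign) and egress_filtered,
    }

if __name__ == "__main__":
    # Constructed sample plans; only 10.10.0.0/16 comes from the guide.
    plans = {
        "same subnet": ("10.10.0.5/16", "10.10.0.1", ["10.10.200.0/24"], True),
        "different subnet": ("192.168.40.5/24", "10.10.0.1", ["10.10.200.0/24"], True),
    }
    for name, plan in plans.items():
        result = assess(*plan)
        print(f"{name}: segment {result['segment']}, "
              f"outside it: {result['foreign_sources'] or 'none'}, "
              f"redirect at risk: {result['redirect_at_risk']}")
```
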