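● Action to take for failed tests (see "Selecting Action Taken" on page 228)
● DHCP quarantine options:
  ■ Router Access Control List (ACL) settings (see "Configuring the Router ACLs" on page 251).
  ■ Static routes assigned to the endpoint (see "Adding a DHCP Quarantine Area" on page 117)
● "Deploying Sentriant AG using DHCP" in the Sentriant AG Installation Guide.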
Setting up a Quarantine Area
Set up a restricted area of your network that users can access when you do not want to allow full access
to the network. See "Quarantining, General" on page 82 for instructions.
Router Configuration
If you do not elect to enforce using static routes on the endpoint ("Quarantining, General" on page 82),
you will need to configure router ACLs.
This option restricts the network access of non-compliant endpoints by assigning DHCP settings on a
quarantined network. The network, gateway, and ACLs restricting traffic must be configured on your
router, which is accomplished by multinetting or adding a virtual interface to the router that acts as the
quarantine gateway IP address. The quarantine area DHCP settings must reflect this configuration on
your router.
Configuring the Router ACLs
In order to sufficiently restrict access to and from the quarantine area, you must configure your router
Access Control Lists (ACLs) as follows:
● Allow traffic to and from the Sentriant AG server and the quarantined network.
● If you want to allow access to other endpoints outside of the quarantine area (for example a
  Software Update Service (SUS) server), allow access to the server and port to and from the
  quarantined network.
● All other traffic should be denied both to and from the quarantined network.
NOTE
Restrict access to and from the quarantined network at the switch level as well.
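The three ACL requirements above, modeled as an ordered first-match rule set and evaluated against sample flows in both directions. This is an added example, not part of the Sentriant AG guide; every address, the port, and the function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed values for illustration; none come from the guide.
QUARANTINE = ip_network("10.99.0.0/24")                 # quarantined network
SENTRIANT = ip_network("10.1.1.10/32")                  # Sentriant AG server
EXCEPTIONS = [(ip_network("10.1.1.20/32"), "tcp", 80)]  # e.g. SUS server and port
ANY = ip_network("0.0.0.0/0")


def build_rules():
    """Ordered rules: (action, src, dst, proto, port, side the port applies to)."""
    rules = [
        ("permit", QUARANTINE, SENTRIANT, None, None, None),
        ("permit", SENTRIANT, QUARANTINE, None, None, None),
    ]
    for server, proto, port in EXCEPTIONS:
        # Stateless ACLs need both halves: requests match the destination
        # port, replies match the same port as the source.
        rules.append(("permit", QUARANTINE, server, proto, port, "dst"))
        rules.append(("permit", server, QUARANTINE, proto, port, "src"))
    # Everything else to or from the quarantined network is denied.
    rules.append(("deny", QUARANTINE, ANY, None, None, None))
    rules.append(("deny", ANY, QUARANTINE, None, None, None))
    return rules


def decide(rules, src, dst, proto, sport, dport):
    """Return the action of the first matching rule (first match wins)."""
    src, dst = ip_address(src), ip_address(dst)
    for action, rsrc, rdst, rproto, rport, side in rules:
        if src not in rsrc or dst not in rdst:
            continue
        if rproto is not None and rproto != proto:
            continue
        if rport is not None and rport != (dport if side == "dst" else sport):
            continue
        return action
    return "not-quarantine"  # flow does not touch the quarantined network


if __name__ == "__main__":
    flows = [  # constructed sample flows
        ("10.99.0.25", "10.1.1.10", "tcp", 49152, 443),
        ("10.99.0.25", "10.1.1.20", "tcp", 49153, 80),
        ("10.99.0.25", "10.1.1.20", "tcp", 49154, 445),
        ("10.2.0.7", "10.99.0.25", "tcp", 49155, 3389),
    ]
    for flow in flows:
        print(flow, "->", decide(build_rules(), *flow))
```

Traffic between two endpoints inside the quarantined network never crosses the router, so this rule set cannot cover it; that is the case the switch-level restriction in the NOTE addresses.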
Configuring Windows Update Service for XP SP2
If you plan to use Endpoint Routing Enforcement, note that most endpoints running Windows XP
Service Pack 2 cannot run Windows Update successfully from within quarantine, because of a
WinHTTP bug that as of this writing has not been fixed (see http://support.microsoft.com/kb/919477/ for
more details.) Endpoints not in quarantine are not affected.
The problem occurs because the Windows Update (WU) client software uses WinHTTP to connect to
Microsoft's download sites; Internet Explorer connects to windowsupdate.microsoft.com; however, an
Sentriant AG Software Users Guide, Version 5.2
DHCP Quarantine Method
251