Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 8 User Management: Traffic Control, Bandwidth, Schedule
Configure Policies for Agent Temporary and Quarantine Roles
Figure 8-16 IP Traffic Policies—Temporary Role
11. To configure an IP policy, click the Add Policy link next to the Temporary role. For example, if you
are providing required software installation files yourself (e.g. via a File Distribution requirement
for a file on the CAM), set up an Untrusted->Trusted IP-based traffic policy that allows the
Temporary role access to port 443 (HTTPS) of the CAM (for example,
10.201.240.11 /255.255.255.255:443). If you want users to be able to correct their systems using any
other external web pages or servers, set up permissions for accessing those web resources. For further
details on the Add Policy page, see Add IP-Based Policy, page 8-4.
12. To configure Host policies, click the Host link at the top of the Traffic Control tab. Configure
host-based traffic policies enabling access to the servers that host the installation files, as described
in the following sections:
– Enable Default Allowed Hosts, page 8-9
– Add Allowed Host, page 8-10
– Adding Traffic Policies for Default Roles, page 8-27
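Added example (not part of the Cisco guide): a Python check that a list of Temporary role allow entries, written in the IP /mask:port notation of step 11, stays scoped to a single host and port. The string list, the "*" wildcard for any port, and the function names are assumptions for illustration; the CAM itself is configured through its web console.

```python
import ipaddress

# Constructed sample: the first entry is the guide's example; the other two are
# hypothetical over-broad entries added to show what the audit flags.
TEMP_ROLE_POLICIES = [
    "10.201.240.11 /255.255.255.255:443",
    "10.201.240.0 /255.255.255.0:443",
    "10.201.240.11 /255.255.255.255:*",
]

def parse_policy(entry):
    """Split 'IP /MASK:PORT' into (IPv4Network, port or None for any port)."""
    addr_mask, sep, port = entry.replace(" ", "").rpartition(":")
    if not sep:
        raise ValueError(f"missing :PORT in {entry!r}")
    # strict=False tolerates host bits set under a wider mask.
    network = ipaddress.ip_network(addr_mask, strict=False)
    return network, (None if port == "*" else int(port))

def allows(entry, dst_ip, dst_port):
    """True if the allow entry matches the destination of an Untrusted->Trusted flow."""
    network, port = parse_policy(entry)
    return ipaddress.ip_address(dst_ip) in network and port in (None, dst_port)

def audit(entries):
    """Return (entry, reason) for entries wider than one host on one port."""
    findings = []
    for entry in entries:
        network, port = parse_policy(entry)
        if network.num_addresses > 1:
            findings.append((entry, f"mask covers {network.num_addresses} addresses"))
        if port is None:
            findings.append((entry, "any destination port"))
    return findings

if __name__ == "__main__":
    for entry, reason in audit(TEMP_ROLE_POLICIES):
        print(f"REVIEW {entry}: {reason}")
```

The /255.255.255.255 mask in the guide's example limits the Temporary role to the CAM alone; the audit reports any entry that would let an unremediated client reach more than that.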
Configure Network Scanning Quarantine Role
See Chapter 12, “Configuring Network Scanning” for complete details on network scanning
configuration.
Cisco NAC Appliance can assign a user to a quarantine role if it discovers a serious vulnerability in the
client system. The role is a mechanism intended to give users temporary network access to fix their
machines. Note that quarantining vulnerable users is optional. Alternatives include blocking the user or
providing them with a warning. If you do not intend to quarantine vulnerable users, you can skip this
step.
Create Additional Quarantine Role
The system provides a default Quarantine role with a session timeout of 4 minutes; it only needs
to be configured with traffic policies. The following describes how to create an additional
quarantine role, if multiple quarantine roles are desired.
1. Go to User Management > User Roles > New Role.