8-23
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 8 User Management: Traffic Control, Bandwidth, Schedule
Configure Policies for Agent Temporary and Quarantine Roles
Configure Traffic Control Policies for the Quarantine Role
1. From User Management > User Roles > List of Roles, click the Policies icon next to the role (or
you can click the Traffic Control tab, choose the quarantine role from the dropdown menu and click
Select).
2. Choose the Quarantine Role from the role dropdown, leave Untrusted->Trusted for the direction
and click Select. This displays all IP policies for the Quarantine role.
3. To configure an IP policy, click the Add Policy link next to the Quarantine role.
Figure 8-18 Add Policy—Quarantine Role
4. Configure fields as described in Add IP-Based Policy, page 8-4.
   - If you are providing required software installation files from the CAM (e.g. via the network
     scanning Vulnerabilities page), set up an Untrusted->Trusted IP-based traffic policy that allows
     the Quarantine role access to port 80 (HTTP) of the CAM (for example,
     10.201.240.11/255.255.255.255:80).
   - If you want users to be able to correct their systems using any other external web pages or
     servers, set up permissions for accessing those web resources. See also Adding Traffic Policies
     for Default Roles, page 8-27.
5. To configure Host policies, click the Host link for the Quarantine role at the top of the Traffic
Control tab. Configure host-based traffic policies enabling access to the servers that host the
installation files, as described in the following sections:
   - Enable Default Allowed Hosts, page 8-9
   - Add Allowed Host, page 8-10
   - Adding Traffic Policies for Default Roles, page 8-27
After configuring the quarantine role, you can apply it to users by selecting it as their quarantine role in
the Block/Quarantine users with vulnerabilities in role option of the General Setup tab. For details,
see Client Login Overview, page 1-6.
When finished configuring the quarantine role, load the scan plugins as described in Load Nessus
Plugins into the Clean Access Manager Repository, page 12-6.
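
The following is an added example, not part of the Cisco guide or the CAM software: a review script that checks a list of Quarantine role Untrusted->Trusted allow policies, written in the ip/mask:port notation used in step 4, to confirm the CAM is reachable on port 80 and to flag entries wider than a single host and port. The policy list format, the "*" any-port marker, and the function names are assumptions made for illustration; the CAM does not produce this export.

```python
import ipaddress

# Constructed sample allow list for the Quarantine role (not a real CAM export).
SAMPLE_POLICIES = [
    "10.201.240.11/255.255.255.255:80",  # CAM HTTP, the example given in step 4
    "10.201.240.0/255.255.255.0:80",     # constructed: whole subnet instead of one host
    "192.0.2.25/255.255.255.255:*",      # constructed: one host, every port ("*" is assumed)
]


def parse_policy(text):
    """Split 'ip/mask:port' into (IPv4Network, port), with port None meaning any port."""
    addr, _, port = text.replace(" ", "").rpartition(":")
    net = ipaddress.ip_network(addr, strict=False)  # accepts dotted netmasks
    return net, (None if port == "*" else int(port))


def audit(policies, cam_ip, cam_port=80):
    """Return (cam_reachable, findings) for a quarantine role's allow policies."""
    cam = ipaddress.ip_address(cam_ip)
    cam_reachable, findings = False, []
    for text in policies:
        net, port = parse_policy(text)
        # The role needs the CAM's HTTP port to download installation files.
        if cam in net and port in (None, cam_port):
            cam_reachable = True
        # Anything broader than one host on one port widens what quarantined hosts can reach.
        if net.prefixlen < 32:
            findings.append((text, f"mask covers {net.num_addresses} addresses"))
        if port is None:
            findings.append((text, "all ports allowed"))
    return cam_reachable, findings


if __name__ == "__main__":
    reachable, findings = audit(SAMPLE_POLICIES, "10.201.240.11")
    print("CAM port 80 reachable from Quarantine role:", reachable)
    for policy, reason in findings:
        print(f"REVIEW {policy}: {reason}")
```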