Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 8 User Management: Traffic Control, Bandwidth, Schedule
Example Traffic Policies
For further details, see:
Upload a Resource File, page 5-13
Create Content for the Right Frame, page 5-11
Create File Distribution/Link Distribution/Local Check Requirement, page 9-80
Configure Vulnerability Handling, page 12-13

Table 8-2 Typical Traffic Policies for Roles

| Resource | Role | Example Policies (Untrusted -> Trusted) |
|---|---|---|
| IP-Based Traffic Policies | | |
| Logo/right-frame content for Login page (logo.jpg, file.htm) | Unauthenticated | IP (Files on CAM or External Server): Allow TCP *.* <CAM_IP_address or external_server_IP_address> / 255.255.255.255: https (443) |
| User Agreement Page (UAP.htm) | | |
| Redirect URL after blocked access (block.htm) — optional | | |
| Network Policy Page (AUP.htm) | Temporary | |
| File Distribution Requirement file (Setup.exe) | | |
| Vulnerability Report file (fixsteps.htm; stinger.exe) | Quarantine | |
| Host-Based Traffic Policies | | |
| Enable Trusted DNS Server | All roles using Host policies | Trusted DNS Server: e.g. 63.93.96.20, or * (Any DNS Server) |
| Link Distribution Requirement (external website) | Temporary | Default Host: windowsupdate.com, or Custom Host: database.clamav.net (equals) |
| Vulnerability Report (link to external website) | Quarantine | |
| Other | | |
| Proxy server in environment | Any role with access via proxy | IP: <proxy_IP_address>/255.255.255.255:https(443); Host: proxy-server.com (equals) |
| Full network access | Normal Login Role | Allow ALL TRAFFIC * /* |