Cisco NAC Appliance 4.1.0
9-27
Cisco NAC Appliance - Clean Access Manager Installation and Administration Guide
OL-12214-01
Chapter 9 User Management: Traffic Control, Bandwidth, Schedule
Example Traffic Policies
Adding Traffic Policies for Default Roles
Create Untrusted -> Trusted traffic policies for the default roles (Unauthenticated, Temporary, and
Quarantine) to allow users access to any of the resources described below.
Unauthenticated Role
If customizing the web login page to reference logos or files on the CAM or external URL, create IP
policies to allow the Unauthenticated role HTTP (port 80) access to the CAM or external server. (See
also
and
for details.)
Clean Access Agent Temporary Role
• If providing definition updates for enterprise antivirus products, allow access to the local update
server so that the Clean Access Agent can trigger a live update (see
• If providing required software packages from the CAM (e.g., via File Distribution), create IP policies
to allow Temporary role access to port 80 (HTTP) of the CAM. Make sure to specify IP
address/subnet mask to allow access only to the CAM (for example,
10.201.240.11/255.255.255.255:80).
• Enable Default Host Policies and Trusted DNS Server and/or create new allowed Host policies to
allow users access to update sites (see
• Set up any additional traffic policies to allow users in the Temporary role access to external web
pages or servers (for example, see
Quarantine Role
• If providing required software packages from the CAM (e.g., via network scanning Vulnerabilities
page), create IP policies to allow the Quarantine role access to port 80 (HTTP) of the CAM. Make
sure to specify the IP address and subnet mask to allow access only to the CAM (for example,
10.201.240.11/255.255.255.255:80).
• Enable Default Host Policies and Trusted DNS Server and/or create new allowed Host policies to
allow users access to update sites (see
• Set up any additional traffic policies to allow users in the Quarantine role access to external web
pages or servers for remediation.
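The Temporary and Quarantine role items above both call for an address/subnet mask that allows access only to the CAM. The following added example (not part of the Cisco guide and not a Cisco tool) checks planned policy destinations written in the guide's `address/mask:port` notation before they are entered; the function names and the sample entries are hypothetical, and 10.201.240.11 is the guide's example CAM address.

```python
import ipaddress

def parse_destination(spec):
    """Parse 'address/mask:port' as written in the guide into (network, port)."""
    net_part, sep, port_part = spec.replace(" ", "").rpartition(":")
    if not sep:
        raise ValueError(f"no ':port' suffix in {spec!r}")
    port = int(port_part)  # raises ValueError if the port is not numeric
    if not 1 <= port <= 65535:
        raise ValueError(f"port {port} out of range")
    # strict=False accepts host bits under a wider mask; invalid masks raise ValueError
    return ipaddress.IPv4Network(net_part, strict=False), port

def audit_destination(spec, cam_ip, expected_port=80):
    """Return a list of findings; an empty list means the entry reaches only the CAM."""
    try:
        network, port = parse_destination(spec)
    except ValueError as exc:
        return [f"unparseable entry: {exc}"]
    findings = []
    if ipaddress.IPv4Address(cam_ip) not in network:
        findings.append(f"{network} does not contain the CAM ({cam_ip})")
    elif network.prefixlen != 32:
        findings.append(
            f"mask {network.netmask} opens {network.num_addresses} addresses, "
            "not only the CAM"
        )
    if port != expected_port:
        findings.append(f"port {port} is not the expected port {expected_port}")
    return findings

if __name__ == "__main__":
    CAM = "10.201.240.11"  # example CAM address taken from the guide
    planned = [  # constructed sample entries for a default role
        "10.201.240.11/255.255.255.255:80",  # host mask, as the guide recommends
        "10.201.240.0/255.255.255.0:80",     # whole subnet: too broad
        "10.201.240.12/255.255.255.255:80",  # host mask, but not the CAM
        "10.201.240.11/255.255.255.255:443", # right host, different port
    ]
    for entry in planned:
        print(entry, "->", audit_destination(entry, CAM) or "OK")
```

An empty result means the destination matches a single host (mask 255.255.255.255) equal to the CAM on port 80; anything else is reported so the entry can be narrowed before it is added to the role.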