Barracuda Networks VERSION SP4 User Manual

Barracuda NG Network Access Client - Administrator’s Guide
2.2.2 Remediation Service
2.2.3 Trustzone-Border
2.2.4 802.1X
VPN Remediation Service IPs | Define where the Access Control Service remediation service module is reachable for VPN clients.
Note: This IP address must not be the same as an IP address already used as an Internal or External Remediation Service IP address.
Example: For internal clients, the Access Control Service listening socket is on 10.0.8.108, and you also want a remediation service for clients that are connected via VPN.
• Introduce an additional IP address, for example 10.0.8.150, on the Virtual Server Layer and insert these two Bind IPs (10.0.8.108 and 10.0.8.150) in the Access Control Service Configuration.
• Now open the Access Control Service settings, scroll down to VPN Remediation Service IPs and select the IP address 10.0.8.150 from the pull-down menu.
Sync authentication to Trustzone | Using a Barracuda NG Control Center, multiple Access Control Services can reference the same trustzone. Already validated clients can be propagated to all Access Control Services sharing the same trustzone configuration. This also affects gateway firewall authentication. This parameter is only available on a CC.
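The address rule from the note and the 10.0.8.108 / 10.0.8.150 example above can be checked before a configuration change is activated. The following Python code is an added example, not Barracuda code: the function names and the idea of passing the configured addresses in as lists are assumptions, and requiring the VPN address to be one of the Bind IPs is inferred from the example steps.

```python
import ipaddress


def _parse(raw):
    """Parse one address string; return None if it is not a valid IP."""
    try:
        return ipaddress.ip_address(raw.strip())
    except ValueError:
        return None


def check_vpn_remediation_ips(bind_ips, internal_ips, external_ips, vpn_ips):
    """Return a list of findings; an empty list means the settings are consistent.

    All four arguments are lists of address strings copied from the
    Access Control Service settings (hypothetical input format).
    """
    bind = {_parse(ip) for ip in bind_ips}
    taken = {}
    for role, ips in (("Internal", internal_ips), ("External", external_ips)):
        for ip in ips:
            taken[_parse(ip)] = role

    findings = []
    for raw in vpn_ips:
        ip = _parse(raw)
        if ip is None:
            findings.append(f"{raw!r}: not a valid IP address")
            continue
        # Rule from the note: no reuse of an Internal/External remediation IP.
        if ip in taken:
            findings.append(f"{ip}: already used as {taken[ip]} Remediation Service IP")
        # Assumption from the example: the address must be a Bind IP of the service.
        if ip not in bind:
            findings.append(f"{ip}: not a Bind IP of the Access Control Service")
    return findings


if __name__ == "__main__":
    # Values from the manual's example; the Internal assignment is as described there.
    bind = ["10.0.8.108", "10.0.8.150"]
    print(check_vpn_remediation_ips(bind, ["10.0.8.108"], [], ["10.0.8.150"]))
    print(check_vpn_remediation_ips(bind, ["10.0.8.108"], [], ["10.0.8.108"]))
```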
List 2–7 Access Control Server - Access Control Server Settings - Remediation Server – section General
Parameter | Description
Start Remediation Service | Setting this to yes starts the Access Control Server remediation service module.
TLS required | Setting this to yes will allow unencrypted downloads from the remediation server. This will increase download speed, but decrease security, since personal firewall rule sets are transmitted unencrypted over the network.
List 2–8 Access Control Server - Access Control Server Settings - Trustzone-Border – section General
Parameter | Description
Start Border Health-Validator | Starts the Access Control Service module responsible for trustzone border health state evaluation.
Trustzone Border IP | IP address on which the health validator listens for trustzone border health validations.
Foreign Health Passp. Verification | Add all foreign health passport verification keys whose health passports should be trusted for this border trustzone. The health state of clients with a signed and trusted health passport is revalidated for this trustzone, but their authentication credentials are accepted from the signed cookie.
Allowed Peer Networks | Only peers from listed networks are allowed to perform trustzone border health validations.
List 2–9 Access Control Server - Access Control Server Settings - 802.1X – section 802.1X
Parameter | Description
Start 802.1X Radius Validator | To use 802.1X port authentication, configure your 802.1X-capable switch to use a RADIUS server with this server's server IP address. Then set this parameter to Yes.
Log Authentications | Log every authentication request, for debugging purposes. (This parameter is only visible in Advanced View mode.)
List 2–6 Access Control Server - Access Control Server Settings - System Health-Validator – section Referrals
Parameter
Description