Barracuda Networks VERSION SP4 User Manual

Introduction

1.2.1 What can Barracuda NG Network Access Client be used for?
It can be used to implement an endpoint security policy on Windows-based endpoints within a
corporate network. In this context, Barracuda NG Network Access Client provides a managed personal
firewall solution with periodic health assessments. Both the outcome of the assessment and the
identity of the machine and/or current user influence the policy applicable to the endpoint.
The policy is enforced by the software installed on the endpoint itself and, outside the local
collision domain, by Barracuda NG Firewalls, which may interpret the access policy attribute
assigned to the endpoint within their rule sets. This provides a way to enforce network access
control concepts based on date and time, identity, health state, and type of network access.
The type of network access is required to enforce different policies when access takes place through
a VPN tunnel.
This setup requires the presence of at least one Access Monitor Service. This service entails two
component services. The SHV is the policy matching engine that determines the applicable policy
according to the connector's identity and current health state. 
The SHV issues a digitally signed cookie to the connecting endpoint, which contains all the information
pertinent to the identity and state of this client. That cookie serves as a passport of limited temporal
validity with which the endpoint may identify itself to the remediation server.
Fig. 1–1 Barracuda NG Network Access Client environment
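The signed, time-limited cookie described above can be sketched as follows. This is an added example, not Barracuda's code or cookie format: the field names, the JSON encoding and the Ed25519 signature are assumptions chosen for illustration, and the sample values are constructed.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Cookie is a hypothetical payload: identity, health state, policy attribute, expiry.
type Cookie struct {
	Machine, User, Health, Policy string
	Expires                       time.Time
}

// Issue plays the SHV role: serialize the assessment result and sign the bytes.
func Issue(priv ed25519.PrivateKey, c Cookie) ([]byte, []byte, error) {
	payload, err := json.Marshal(c)
	if err != nil {
		return nil, nil, err
	}
	return payload, ed25519.Sign(priv, payload), nil
}

// Verify plays the remediation server role: check the signature before parsing, then the expiry.
func Verify(pub ed25519.PublicKey, payload, sig []byte, now time.Time) (Cookie, error) {
	var c Cookie
	if !ed25519.Verify(pub, payload, sig) {
		return c, errors.New("bad signature")
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return c, err
	}
	if !now.Before(c.Expires) {
		return c, errors.New("cookie expired")
	}
	return c, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	now := time.Now()
	// Constructed sample values, valid for five minutes.
	p, s, _ := Issue(priv, Cookie{Machine: "WS-0042", User: "alice", Health: "healthy", Policy: "full-access", Expires: now.Add(5 * time.Minute)})
	_, errFresh := Verify(pub, p, s, now)
	_, errLate := Verify(pub, p, s, now.Add(10*time.Minute))
	fmt.Println("fresh:", errFresh, "| after validity window:", errLate)
}
```

Because the expiry sits inside the signed bytes, an endpoint cannot extend the validity of its cookie or change its recorded health state without invalidating the signature.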
Since the NG Network Access Clients communicate with the Access Control Server at cyclic intervals, the
Access Control Server should be placed as close as possible to the NG Network Access Clients. This helps
reduce network traffic and achieve better response times.