Novell ZENworks Endpoint Security Management 3.5 User Manual

ZENworks® ESM 3.5
Administrator’s Manual
Network Address Macros List
The following is a list of special Access Control macros. These can be associated individually as 
part of an ACL in a firewall setting.
Table 4: Network Address Macros
| Macro | Description |
|---|---|
| [Arp] | Allow ARP (Address Resolution Protocol) packets. The term Address Resolution refers to the process of finding an address of a computer in a network. The address is resolved using a protocol in which a piece of information is sent by a client process executing on the local computer to a server process executing on a remote computer. The information received by the server allows the server to uniquely identify the network system for which the address was required and therefore to provide the required address. The address resolution procedure is completed when the client receives a response from the server containing the required address. |
| [Icmp] | Allow ICMP (Internet Control Message Protocol) packets. ICMP messages are used by routers, intermediary devices, or hosts to communicate updates or error information to other routers, intermediary devices, or hosts. ICMP messages are sent in several situations: for example, when a datagram cannot reach its destination, when the gateway does not have the buffering capacity to forward a datagram, and when the gateway can direct the host to send traffic on a shorter route. |
| [IpMulticast] | Allow IP Multicast packets. Multicast is a bandwidth-conserving technology that reduces traffic by simultaneously delivering a single stream of information to thousands of corporate recipients and homes. Applications that take advantage of multicast include videoconferencing, corporate communications, distance learning, and distribution of software, stock quotes, and news. Multicast packets may be distributed using either IP or Ethernet addresses. |
| [EthernetMulticast] | Allow Ethernet Multicast packets. |
| [IpSubnetBrdcast] | Allow Subnet Broadcast packets. Subnet broadcasts are used to send packets to all hosts of a subnetted, supernetted, or otherwise nonclassful network. All hosts of a nonclassful network listen for and process packets addressed to the subnet broadcast address. |
| [Snap] | Allow Snap encoded packets. |
| [LLC] | Allow LLC encoded packets. |
| [Allow8021X] | Allow 802.1x packets. To overcome deficiencies in Wired Equivalent Privacy (WEP) keys, Microsoft and other companies are utilizing 802.1x as an alternative authentication method. 802.1x is a port-based network access control that uses Extensible Authentication Protocol (EAP) or certificates. Currently, most major wireless card vendors and many access point vendors support 802.1x. This setting also allows Light Extensible Authentication Protocol (LEAP) and WiFi Protected Access (WPA) authentication packets. |
| [Gateway] | Represents the current IP configuration Default Gateway address. When this value is entered, the ZENworks Security Client allows all network traffic from the current IP configuration Default Gateway as a trusted ACL. |
| [GatewayAll] | Same as [Gateway] but for ALL defined gateways. |
| [Wins] | Represents the current client IP configuration Default WINS Server address. When this value is entered, the ZENworks Security Client allows all network traffic from the current IP configuration Default WINS server as a trusted ACL. |
| [WinsAll] | Same as [Wins] but for ALL defined WINS servers. |
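
When reviewing a firewall setting, it helps to see which traffic classes from Table 4 a given frame belongs to before adding a macro to an ACL. The following is an added example, not ZENworks code and not the Security Client's matching logic: it classifies untagged Ethernet frames using the standard EtherType and IPv4 protocol identifiers. The function names, the sample frames, the rule that the first list entry is the "default" gateway or WINS server, and the choice to report SNAP frames only as [Snap] are assumptions.

```python
import ipaddress
import struct

SRC_MAC = b"\x02\x00\x00\x00\x00\x01"  # constructed, locally administered address

def macros_for_frame(frame, subnet, gateways=(), wins=()):
    """Return Table 4 macro names whose traffic class an untagged Ethernet frame falls into."""
    hits = set()
    if len(frame) < 14:  # shorter than an Ethernet header
        return hits
    dst_mac, payload = frame[0:6], frame[14:]
    (etype,) = struct.unpack("!H", frame[12:14])
    if dst_mac[0] & 1 and dst_mac != b"\xff" * 6:  # group bit set, not broadcast
        hits.add("[EthernetMulticast]")
    if etype <= 1500:  # 802.3 length field: LLC header follows, AA/AA marks SNAP
        hits.add("[Snap]" if payload[:2] == b"\xaa\xaa" else "[LLC]")
    elif etype == 0x0806:
        hits.add("[Arp]")
    elif etype == 0x888E:  # EAP over LAN (802.1X)
        hits.add("[Allow8021X]")
    elif etype == 0x0800 and len(payload) >= 20:
        src, dst = (ipaddress.IPv4Address(payload[i:i + 4]) for i in (12, 16))
        if payload[9] == 1:  # IPv4 protocol number 1 is ICMP
            hits.add("[Icmp]")
        if dst.is_multicast:  # 224.0.0.0/4
            hits.add("[IpMulticast]")
        if dst == ipaddress.IPv4Network(subnet).broadcast_address:
            hits.add("[IpSubnetBrdcast]")
        # Assumption: first list entry is the "default" server; the whole list is "All".
        for name, servers in (("Gateway", gateways), ("Wins", wins)):
            addrs = [ipaddress.IPv4Address(a) for a in servers]
            if addrs[:1] == [src]:
                hits.add(f"[{name}]")
            if src in addrs:
                hits.add(f"[{name}All]")
    return hits

def ipv4_frame(dst_mac, proto, src, dst):
    """Build a constructed Ethernet + IPv4 header (zero checksum, no payload)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return dst_mac + SRC_MAC + b"\x08\x00" + ip

# Constructed sample frames (not captured traffic).
SAMPLES = {
    "arp": b"\xff" * 6 + SRC_MAC + b"\x08\x06" + bytes(28),
    "eapol": bytes.fromhex("0180c2000003") + SRC_MAC + b"\x88\x8e" + bytes(4),
    "mdns": ipv4_frame(bytes.fromhex("01005e0000fb"), 17, "192.168.1.30", "224.0.0.251"),
    "bcast": ipv4_frame(b"\xff" * 6, 17, "192.168.1.30", "192.168.1.255"),
}
```

A frame can fall under more than one macro (an 802.1x frame sent to a group MAC address is also Ethernet multicast), so an ACL review should consider every name returned, not just the first.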