Hewlett-Packard ProCurve NAC 800 Users Manual
Brand: HP
Category: Gateway
Type: Operation & user’s manual for HP ProCurve NAC 800
Pages: 591 (8.37 Mb)
System Configuration
Cluster Setting Defaults
You do not need to enter the IP address of the NAC 800 server here. If you
do, it can cause redirection problems when end-users try to connect. You
do need to add any update server names, such as the ones that provide
anti-virus and software updates. NAC 800 ships with many of the default
server names pre-populated, such as windowsupdate.com.
2. Click ok.
The following table provides additional information about accessible services
and endpoints.
| Topic | Tip |
| --- | --- |
| Modes and IP addresses | When using inline mode, enter IP addresses rather than domain names. When using DHCP mode, use domain names for sites the user needs to access, such as update servers, and use IP addresses for endpoints that sit behind NAC 800, such as authentication servers. |
| Ranges | Use a hyphen for a range of IP addresses (10.0.16.1/30) and a colon for a range of ports (10.0.16.1:80:90). |
| DHCP server IP address | In inline mode, you might need to specify the DHCP server IP address in this field. |
| Domain controller name | Regardless of where the Domain Controller (DC) is installed, you must specify the DC name on the Quarantine tab in the Quarantine area domain suffix field for each quarantine area defined. |
| DHCP server and Domain controller | In DHCP mode, when your DHCP server and Domain Controller are behind NAC 800, you must specify ports 88, 135 to 159, 389, 1025, 1026, and 3268 as part of the address. If you do not specify a DHCP address, users are blocked. If you specify only the IP address with no port, endpoints are not quarantined, even for failed tests. If your domain controller is not situated behind NAC 800, you must configure your router to allow routes from the quarantine area to your domain controller on ports 88, 135-159, 389, 1025, 1026, and 3268. |
| Windows update server | In inline mode, if an endpoint is quarantined and needs to access the Windows Update server, it is not able to unless you enter 207.46.0.0/16 here. This is because iptables needs an IP address, and would not be able to resolve the default of windowsupdate.com. |
Table 3-4. Accessible Services and Endpoints Tips
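
An added example, not taken from the HP manual or from NAC 800 itself: a small Python linter that applies the tips in Table 3-4 to a list of accessible-services entries before they are entered. It assumes IPv4 entries in the forms shown on this page (name, IP address, CIDR block, optional `:port` or `:start:end`); the function names, the `behind_nac` parameter and the sample addresses are constructed for illustration.

```python
import ipaddress

# Ports the manual requires for a DHCP server / domain controller behind NAC 800.
DC_PORTS = {88, 389, 1025, 1026, 3268} | set(range(135, 160))

# Constructed sample list; the 192.0.2.x addresses are placeholders.
SAMPLE = ["windowsupdate.com", "192.0.2.10", "192.0.2.20:88", "192.0.2.20:135:159"]

def parse_entry(entry):
    """Split 'host[:port[:end_port]]' into (host, set_of_ports, is_ip)."""
    host, *ports = entry.strip().split(":")
    if len(ports) > 2 or not all(p.isdigit() for p in ports):
        raise ValueError(f"bad port syntax: {entry!r}")
    nums = [int(p) for p in ports]
    covered = set(range(nums[0], nums[-1] + 1)) if nums else set()
    try:
        ipaddress.ip_network(host, strict=False)  # accepts 10.0.16.1 and 10.0.16.1/30
        is_ip = True
    except ValueError:
        is_ip = False  # treated as a domain name
    return host, covered, is_ip

def lint(entries, mode, nac_ip, behind_nac=()):
    """Return warnings for an accessible-services list.
    mode is 'inline' or 'dhcp'; behind_nac lists DHCP/DC IPs behind NAC 800."""
    warnings, seen = [], {}
    for entry in entries:
        host, ports, is_ip = parse_entry(entry)
        seen.setdefault(host, []).append(ports)
        if host == nac_ip:
            warnings.append(f"{entry}: NAC 800 server address can cause redirection problems")
        if mode == "inline" and not is_ip:
            warnings.append(f"{entry}: inline mode needs an IP address, not a domain name")
    if mode == "dhcp":
        for ip in behind_nac:
            if ip not in seen:
                warnings.append(f"{ip}: not listed, users are blocked")
            elif any(not p for p in seen[ip]):
                warnings.append(f"{ip}: listed without a port, endpoints are not quarantined")
            else:
                missing = DC_PORTS - set().union(*seen[ip])
                if missing:
                    warnings.append(f"{ip}: missing ports {sorted(missing)}")
    return warnings

if __name__ == "__main__":
    for w in lint(SAMPLE, "dhcp", "192.0.2.10", behind_nac=["192.0.2.20"]):
        print(w)
```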