Barracuda Networks VERSION SP4 Network Hardware User Manual


 
Barracuda NG Network Access Client - Administrator’s Guide
13.1 Introduce Access Control Objects
As a first step, it is recommended to prepare the Access Control Objects so that they are
ready for referencing during trustzone configuration.
Setting up a Barracuda NG Network Access Client infrastructure usually starts with
two different Welcome messages, two different Personal Firewall rule sets, and one Picture.
To give users customized details about their health state, we recommend defining different Welcome
messages for unrestricted access ("healthy") and quarantine ("unhealthy"). In case of quarantine,
contact details of the company's IT support will be useful for the end user.
Like welcome messages, customized pictures are not really necessary for a Barracuda NG Network
Access Client infrastructure. Nevertheless, companies usually want to display their own logo instead
of the Barracuda Networks logo.
The most important part, which is also required for proper operation, is to set up Personal Firewall Rules.
13.2 Personal Firewall Rule Set
It is difficult to give guidelines for personal firewall rule sets. The required applications may
differ strongly between companies.
Nevertheless, keep the following in mind for all your Barracuda NG Personal Firewall rule sets:
All your clients, regardless of their health state, require network access. They need to contact the
Access Control Service (TCP 44000, the rule is included in the default rule set) and the Microsoft
Domain Controller. Otherwise no user login will be possible. Additionally, depending on the antivirus
or antispyware product, access to HTTP servers may be necessary. Backup software, remote support
and automatic software distribution often trigger connections from server to client, so it may be
necessary to modify the incoming rule set of your personal firewall to allow incoming connections.
For the setup used in this example, only small modifications to the default rule set are required. First
create the quarantine rule set:
In the configuration directory Access Control Objects > Personal Firewall Rules, choose New Access Control Firewall Rule Set … in the context menu.
The object name of the rule set is restrictedAccess.
Open the rule set restrictedAccess.
For the restrictedAccess rule set, the following new rules are added:
Explicitly block the Skype application.
Allow connections to the remediation-servers (172.16.0.10).
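The following is an added example, not part of the original guide and not Barracuda's rule format or API: it models the restrictedAccess rule set as an ordered list and checks that the connections the text calls mandatory still pass while Skype stays blocked. First-match evaluation, the default-block fallback, the Kerberos port used for the domain controller, and all addresses and program names other than 172.16.0.10 and TCP 44000 are assumptions made for illustration.

```python
from collections import namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Generic first-match rule model (an assumption), not Barracuda's rule format.
@dataclass(frozen=True)
class Rule:
    name: str
    action: str                   # "allow" or "block"
    dst: str = "0.0.0.0/0"        # destination network
    proto: Optional[str] = None   # None matches any protocol
    port: Optional[int] = None    # None matches any port
    app: Optional[str] = None     # None matches any application

# A connection attempt to test; "why" describes its purpose in findings.
Flow = namedtuple("Flow", "why dst proto port app", defaults=["system"])

def decide(rules, flow, default="block"):
    """First matching rule wins; unmatched traffic gets the default (both assumed)."""
    for r in rules:
        if (ip_address(flow.dst) in ip_network(r.dst)
                and r.proto in (None, flow.proto) and r.port in (None, flow.port)
                and r.app in (None, flow.app)):
            return r.action
    return default

def audit(rules, expectations):
    """Return one finding per flow whose decision differs from the expected one."""
    return [f"{f.why}: expected {want}, got {decide(rules, f)}"
            for f, want in expectations if decide(rules, f) != want]

# Constructed addresses and program names; only 172.16.0.10 and TCP 44000 are from the text.
ACS, DC, REMEDIATION = "10.0.0.5", "10.0.0.2", "172.16.0.10"
RESTRICTED_ACCESS = [
    Rule("block-skype", "block", app="skype.exe"),
    Rule("acs", "allow", dst=ACS, proto="tcp", port=44000),
    Rule("dc-kerberos", "allow", dst=DC, proto="tcp", port=88),
    Rule("remediation", "allow", dst=REMEDIATION),
]
EXPECTED = [
    (Flow("client to Access Control Service", ACS, "tcp", 44000), "allow"),
    (Flow("Kerberos logon at domain controller", DC, "tcp", 88), "allow"),
    (Flow("update from remediation server", REMEDIATION, "tcp", 80, "updater.exe"), "allow"),
    (Flow("Skype to remediation server", REMEDIATION, "tcp", 443, "skype.exe"), "block"),
]

if __name__ == "__main__":
    print(audit(RESTRICTED_ACCESS, EXPECTED) or "restrictedAccess: all expected flows decided correctly")
```

Under the first-match assumption, moving the Skype block below the remediation-server allow lets Skype reach 172.16.0.10, and dropping the TCP 44000 rule cuts quarantined clients off from the Access Control Service; the audit reports both.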