2 remediation service, 3 trustzone-border, 4 802.1x – Barracuda Networks VERSION SP4 User Manual

Page 21: Remediation service, Trustzone-border


19 Barracuda NG Network Access Client - Administrator’s Guide

2.2.2 Remediation Service

2.2.3 Trustzone-Border

2.2.4 802.1X

VPN Remediation Service IPs

Define where the Access Control Service remediation service module is reachable for VPN clients.

Note: This IP address must not be the same as an IP address already used as an Internal or External Remediation Service IP address.

Example: For internal clients, the Access Control Service listening socket is on 10.0.8.108, and you also want to provide a remediation service for clients that are connected via VPN.

• Introduce an additional IP address, for example 10.0.8.150, on the Virtual Server layer and insert these two Bind IPs (10.0.8.108 and 10.0.8.150) in the Access Control Service configuration.

• Now open the Access Control Service settings, scroll down to VPN Remediation Service IPs, and select the IP address 10.0.8.150 from the pull-down menu.
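The address rule from the note and example above can be checked before the change is made in the GUI. The following is an added example, not part of the Barracuda manual or product: the function name and its four list arguments are hypothetical and hold addresses copied by hand from the service settings, and the Bind IP check is inferred from the example's first step.

```python
import ipaddress


def check_remediation_plan(bind_ips, internal_ips, external_ips, vpn_ips):
    """Return findings for a planned remediation address layout.

    Hypothetical helper: every argument is a list of IP address strings
    copied from the Access Control Service settings.
    """
    def parse(values):
        # Normalise text (stray whitespace, IPv6 spelling) so that equal
        # addresses compare equal; malformed input raises ValueError.
        return {ipaddress.ip_address(v.strip()) for v in values}

    bind, internal, external, vpn = map(
        parse, (bind_ips, internal_ips, external_ips, vpn_ips)
    )
    findings = []
    for ip in sorted(vpn, key=lambda a: (a.version, int(a))):
        # Rule from the note: no reuse of an internal or external
        # remediation service IP for the VPN remediation service.
        if ip in internal:
            findings.append(f"{ip}: already used as internal remediation IP")
        if ip in external:
            findings.append(f"{ip}: already used as external remediation IP")
        # Assumption drawn from the example: the address has to be one of
        # the service's Bind IPs before it can be selected.
        if ip not in bind:
            findings.append(f"{ip}: not a Bind IP of the service")
    return findings


if __name__ == "__main__":
    # Constructed sample: the manual's addresses, with the VPN remediation
    # IP wrongly set to the internal listening address.
    for finding in check_remediation_plan(
        bind_ips=["10.0.8.108", "10.0.8.150"],
        internal_ips=["10.0.8.108"],
        external_ips=[],
        vpn_ips=["10.0.8.108"],
    ):
        print(finding)
```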

Sync authentication to Trustzone

Using a Barracuda NG Control Center, multiple Access Control Services can reference the same trustzone. Already validated clients can be propagated to all Access Control Services sharing the same trustzone configuration. This also affects gateway firewall authentication. This parameter is only available on a CC.

List 2–7 Access Control Server - Access Control Server Settings - Remediation Server – section General

| Parameter | Description |
|---|---|
| Start Remediation Service | Setting to yes starts the Access Control Server remediation service module. |
| TLS required | Set to yes will allow unencrypted downloads from the remediation server. This will increase download velocity, but decrease security since personal firewall rule sets are transmitted unencrypted over the network. |

List 2–8 Access Control Server - Access Control Server Settings - Trustzone-Border – section General

| Parameter | Description |
|---|---|
| Start Border Health-Validator | Starts the Access Control Service module responsible for trustzone border health state evaluation. |
| Trustzone Border IP | IP address the health validator uses for listening for trustzone border health validations. |
| Foreign Health Passp. Verification | Add all foreign health passport verification keys whose health passports should be trusted for this border trustzone. The health state of clients with a signed and trusted health passport is revalidated for this trustzone but their authentication credentials are accepted from the signed cookie. |
| Allowed Peer Networks | Only peers from listed networks are allowed to perform trustzone border health validations. |

List 2–9 Access Control Server - Access Control Server Settings - 802.1X – section 802.1X

| Parameter | Description |
|---|---|
| Start 802.1X Radius Validator | To use 802.1X port authentication, configure your 802.1X-capable switch to use a RADIUS server with this server's server IP address. Then set this parameter to Yes. |
| Log Authentications | Log every authentication request, for debugging purposes. (This parameter is only visible in Advanced View mode.) |

List 2–6 Access Control Server - Access Control Server Settings - System Health-Validator – section Referrals
