Chapter 1 Overview 37
Nortel Secure Network Access Switch 4050 User Guide
TunnelGuard host integrity check
The TunnelGuard application checks client host integrity by verifying that the
components you have specified as required for the client’s personal firewall
(executables, DLLs, configuration files, and so on) are installed and active on the
client PC. You specify the required component entities and engineering rules by
configuring a Software Requirement Set (SRS) rule and mapping the rule to a user
group.
After a client has been authenticated, the Nortel SNAS 4050 downloads a
TunnelGuard agent as an applet to the client PC. The TunnelGuard applet fetches
the SRS rule applicable for the group to which the authenticated user belongs, so
that TunnelGuard can perform the appropriate host integrity check. The
TunnelGuard applet reports the result of the host integrity check to the Nortel
SNAS 4050.
If the required components are present on the client machine, TunnelGuard
reports that the SRS rule check succeeded. The Nortel SNAS 4050 then instructs
the network access device to permit access to intranet resources in accordance
with the user group’s access privileges. The Nortel SNAS 4050 also requests the
TunnelGuard applet to redo a DHCP request in order to renew the client’s DHCP
lease with the network access device.
If the required components are not present on the client machine, TunnelGuard
reports that the SRS rule check failed. You configure behavior following host
integrity check failure: The session can be torn down, or the Nortel SNAS 4050
can instruct the network access device to grant the client restricted access to the
network for remediation purposes.
The TunnelGuard applet repeats the host integrity check periodically throughout
the client session. If the check fails at any time, the client is either evicted or
quarantined, depending on the behavior you have configured. The recheck interval
is configurable.
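The following is an added illustration, not Nortel code: a small Python model of the decision flow described above (an SRS rule made of required components, the group-to-rule mapping, the installed/active check, the configured failure behavior, and the periodic recheck). All file paths, process names and group names in it are constructed.

```python
from dataclasses import dataclass
from enum import Enum
class FailureAction(Enum):
    TEARDOWN = "teardown"    # session torn down, client evicted
    RESTRICT = "restricted"  # restricted access for remediation (quarantine)

@dataclass(frozen=True)
class Component:
    """One entity an SRS rule requires on the client PC (paths and names below are constructed)."""
    path: str          # file that must be installed
    process: str = ""  # process that must be active (executables only; "" means none)

@dataclass(frozen=True)
class HostSnapshot:
    """What the applet observes at one recheck: installed files and running processes."""
    files: frozenset
    processes: frozenset
def check_srs_rule(required, snap):
    """Return (passed, reasons): each component must be installed and, if it names a process, active."""
    reasons = []
    for c in required:
        if c.path not in snap.files:
            reasons.append(f"{c.path} not installed")
        elif c.process and c.process not in snap.processes:
            reasons.append(f"{c.process} not active")
    return (not reasons, reasons)

def session_decisions(group_rules, group, snapshots, on_failure):
    """Pick the SRS rule mapped to the user's group, run the check at each periodic recheck and
    record the action the SNAS would request of the network access device. A torn-down session
    is not rechecked; a restricted client that later passes is permitted again (assumption)."""
    required = group_rules[group]
    decisions = []
    for snap in snapshots:
        passed, reasons = check_srs_rule(required, snap)
        if passed:
            decisions.append(("permit", []))
            continue
        decisions.append((on_failure.value, reasons))
        if on_failure is FailureAction.TEARDOWN:
            break
    return decisions

# Constructed sample: a personal-firewall executable, its DLL and its configuration file.
FW_RULE = (Component(r"C:\FW\fw.exe", process="fw.exe"),
           Component(r"C:\FW\fwcore.dll"), Component(r"C:\FW\fw.conf"))
GROUP_RULES = {"staff": FW_RULE}
HEALTHY = HostSnapshot(frozenset(c.path for c in FW_RULE), frozenset({"fw.exe"}))
FW_STOPPED = HostSnapshot(HEALTHY.files, frozenset())  # installed but firewall not running
```

Running `session_decisions(GROUP_RULES, "staff", [HEALTHY, FW_STOPPED, HEALTHY], FailureAction.TEARDOWN)` stops after the second recheck, whereas `FailureAction.RESTRICT` keeps rechecking the quarantined client.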
For information about configuring the TunnelGuard host integrity check, see
“Configuring the TunnelGuard check using the CLI” on page 132 or “Configuring
the TunnelGuard check using the SREM” on page 168. For information about
configuring the SRS rules, see “TunnelGuard SRS Builder” on page 317. For
information about mapping an SRS rule to a group, see “Configuring groups using
the CLI” on page 198 or “Configuring groups using the SREM” on page 208.