It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

This Product is End-of-Life and End-Of-Support

End-Of-Life and End-Of-Support on December 1st, 2020: All Barracuda Firewall X-Series sales will cease; neither new sales nor any renewals will be available. If you currently hold a maintenance and support contract, you will continue to receive our award-winning support and services until your contract expires. Please see the End-Of-Life definition as described in the End of Support and End of Life Information.

How to Configure NAC for SSL VPN

  • Last updated on

SSL VPN Network Access Control (NAC) limits access to the web portals of the SSL VPN service according to a variety of factors based on attributes of the connecting device. Users who fail the NAC check are not allowed to log in until they have a conforming system. You can define exceptions for each category. Use exceptions to allow/block specific versions denied in the NAC block list. For example, to allow only Windows 7 to connect: Block all Windows operating systems in the NAC block list and then add an exception for Windows 7. NAC settings do not apply to clients connecting via CudaLaunch. The following parameters are evaluated by the SSL VPN service when the user logs in:

  • Desktop operating systems
  • Mobile operating systems
  • Desktop browser types and versions
  • Browser plugins
  • Mobile browser types and versions

Before you begin

Enable and configure SSL VPN on the firewall. For more information, see How to Enable SSL VPN and CudaLaunch.

Configure the NAC block list

  1. Go to the VPN > SSL VPN page and click the NAC tab.
  2. Set Enable NAC to Yes.
  3. For each parameter, select the versions that should be blocked. Select None to not block according to this criteria.
  4. (optional) Configure NAC exceptions to block or deny an entire category.
  5. (optional) In the Exceptions section, click Add NAC Exceptions. The Add NAC Exceptions window opens.
    1. Enter a Name for the exception.
    2. Select the Access policy.
    3. Select the exception Type. The subtype for the selected Type is displayed. For example, the mobile browser type if you selected Mobile Browser as the Exception Type.
    4. Select the Subtype and Version for the exception type you previously selected.
    5. Click Save.
  6. Click Save.

All users accessing the SSL VPN web portals must now conform to the requirements set in the NAC block list. When a user logs in with a device that fails one or more of the server-side NAC checks, the following block pages are displayed:

NAC_block_mobile.png

Check the sslvpn log file to find out which NAC block rule caused the user to be rejected. For more information, see Viewing Logs.