This solution applies to all Barracuda SSL VPNs.
Network Access Control (NAC) allows administrators to control whether users are able to login to the SSL VPN depending on a number of parameters such as Anti-Virus software, Operating System, Java version, etc. If a user does not meet the specified requirements then they are blocked from logging in.
Network Access Control options can be accessed from the SSL VPN interface under Access Control > NAC. Many of the options in the NAC page work closely with NAC Exceptions in order to provide the actual specifics to a NAC rule.
Options available for NAC are:
Start Access Control – Allows NAC to be started or stopped. The default setting is No meaning that NAC is not activated.
Start Agent Checking – Allows NAC to launch the SSL VPN agent when a user logs in. This will inspect the user’s machine to ensure that all requirements are met. If this is not enabled then NAC will only perform server side checking. The default setting is Yes which means that Agent checking is enabled.
Logon at any time of day – This allows NAC to control if users are able to login at any time. When set to Allow users can login at anytime, when set to Block users cannot login at any time.
Logon from any IP address – This allows NAC to control if users are able to login from any IP address. When set to Allow login can occur from any IP address. When set to Block all IP addresses, access is not allowed from any IP address.
Browser – This allows NAC to control which Web Browsers can be used to login to the SSL VPN. A number of browsers are listed which can be allowed or blocked individually.
OS – This allows NAC to control which operating systems may be installed on a connecting system. A number of operating systems are listed which can be allowed or blocked individually.
Windows hot fixes – If the connecting system has a Windows operating system, NAC can be set to control access depending on whether the unit has all up-to-date Hot Fixes.
Security – This allows NAC to control access depending on whether the unit has an up-to-date Anti-Virus.
Flash Version – This allows NAC to control access based on the Flash Version that is installed. A number of versions are available which can be controlled individually.
Firmware version 1.6 and higher adds the following features:
No Firewall - This option allows access control based on the presence of a firewall on the connecting system. This requires Agent Checking to be enabled.
Logon from any MAC Address - Allows control of access based on the connecting systems MAC address, similar to IP Address checking. This requires Agent Checking to be enabled.
Firmware version 1.7 and higher adds the following feature:
Login with an enabled Wi-Fi connection - Allows control of access based on Windows operating systems with enabled Wi-Fi connection. Requires Agent Checking to be activatied.
Link to this page: