Applies to all Barracuda SSL VPNs.
NAC Exceptions on your Barracuda SSL VPN allow administrators to control how the Network Access Control rules are enforced. It is possible to create exceptions that will allow or block access to legitimately work around the rules for each setting in the NAC page. For example, a rule could be in place to block access from all IP addresses; using the NAC exceptions an exception can be configured that allows access from one specific IP range.
Another example would be for NAC to be configured to allow login at any time. Using NAC exceptions, access could be blocked between the hours of 11pm and 5am for one group of users.
All NAC Exceptions are made of the same basic elements (this information is also available in the SSL VPN GUI by clicking the ? icon in the Access Control > NAC Exceptions page):
- Name: A unique name for the NAC Exception.
- Applies To: The Accounts or Groups for which this exception rule applies.
- Start Time and End Time: The time of day (in 24-hour format) for which the exception rule is to be in effect.
- Access Days: Days of the week for which the exception rule is to be in effect.
- Type: The type of the NAC Exception rule e.g OS, Browser, etc. Based on the Type selected, a Sub Type/Expression can also be selected. If IP Address is selected, you will have to provide an IP or subnet address, the field accepts Ip Address and CIDR block e.g: 10.14.0.0/24 (equals to 10.14.0.0 with a mask 255.255.225.0). If MAC Address is selected, a canonical formated string (xx-xx-xx-xx-xx-xx or xx:xx:xx:xx:xx:xx) will be required.
- Access: If the NAC Exception rule is designed to Block or Allow login access.
- Block: Prevent the user from logging on. The authorization process is stopped at this point regardless of any other configured exceptions.
- Block & continue: Prevent the user from logging on. The authorization process is continued however allowing a subsequent exception the opportunity to change the decision.
- Allow: Allow the user to login. The authorization process is stopped at this point regardless of any other configured exceptions.
- Allow & continue: Allow the user to login. The authorization process is continued however allowing a subsequent exception (of the same type) the opportunity to change the decision.
- Actions: These are the actions that can be performed on a NAC Exception:
- Increase Priority
- Decrease Priority
- Copy to User Database
Link to this page: