Genian GPI Integration Guide
This guide provides information on integrating Genian NAC with Genian GPI.
Overview
This document describes how to configure and test the integration between Genian GPI (Genian Policy Inspector) and Genian NAC, which strengthens PC security posture and raises user security awareness through assessment.
Genian GPI integrates with Genian NAC to allow only PCs that meet security standards to access the network. No additional plugin or feature activation is required.
Once integration is configured, Genian GPI sends quantified security assessment scores of PCs to Genian NAC. NAC then blocks under-scored PCs and redirects users to a corrective guidance page, ensuring only compliant PCs can access the network.
Recommended Versions
Product | Version | Remarks |
---|---|---|
Genian GPI | V4.0.12 or later | Policy server version (2020.10 or later) |
Genian NAC | V5.0 or later | Policy server version (2020.10 or later) |
Integration Goals
The integration of Genian NAC and Genian GPI provides the following benefits:
- Automated Control for Vulnerable PCs
  - Based on GPI-assigned scores, Genian NAC applies network isolation or enforcement policies automatically, requiring no manual administrator intervention.
- Customized Notification Pages Based on Score
  - Based on the diagnostic score, NAC shows a tailored landing page to the user, explaining the block reason and how to resolve it.
  - e.g., Score 70–80: advisory notice only, Score below 40: full network block with instructions.
Prerequisites
Check GPI Agent Installation and Designate Public PC Contacts
- GPI uses an Agent to inspect endpoint security status.
- Ensure target PCs have the agent installed.
- Assign responsibility for shared/public PCs. If an agent is not installed or a contact is not assigned, the PC will be excluded.
(Agent installation status can be verified via each product's Web Console.)
Network Preparation
- The integration requires communication over TCP/443 and TCP/3306.
- NAC port settings are available at: System > Service Management > Access Ports
Genian GPI Configuration
Security Inspection Setup
- Go to GPI Web Console > Security Inspection > Policy Management
- Click Manage next to “Cybersecurity Inspection Day” → Click the edit (pencil) icon
- Set Target:
Setting Item | Value | Note |
---|---|---|
Target | Item: IP Address / Condition: Equals / Target: Inspection Target | Set value using the select box |
Configuration | 192.168.100.40 | Enter the value based on the target |
Inspection Time | After x days at xx:xx | Enter inspection schedule (applied after policy configuration time) |
- Click Save at the top right.
Enable NAC Integration
- Go to Settings > Security Inspection > Score Integration Options
- Check the box next to NAC
- Enter the IP address of the Genian NAC policy server to receive scores
Genian NAC Configuration
The Genian NAC configuration section covered in this guide only introduces the minimum required for integration with Genian GPI. This process only needs to be performed once and will be applied automatically thereafter.
Step 1: Create Node Group for GPI Non-compliance
Go to Policy > Group > Node and create a group as follows:
Setting Item | Setting Value | Note |
---|---|---|
Basic Info > ID | GPI_Cybersecurity Inspection Day_Non-compliant Group | Enter node group name |
Basic Info > Description | Group that did not comply with the GPI Cybersecurity Inspection Day regulation policy. | Enter node group description |
Basic Info > CWP Message | Your PC has been blocked from the network for not complying with the Cybersecurity Inspection Day regulation policy. To regain access, please comply with the Cybersecurity Inspection Day policy. | Message to be displayed on the CWP page |
Basic Info > Apply Mode | Enable | Select 'Enable' |
Basic Info > Audit Log | Off | Select between On or Off |
Group Condition > Condition Operation | AND | Select between AND or OR |
Group Condition > Condition Setting | Item: Node Type / Condition: If detected node type equals / Value: PC | Add Node Type condition |
Group Condition > Condition Setting | Item: GPI Score / Condition: If no regulation policy exists / Value: Cybersecurity Inspection Day | Add GPI Score condition. (Enter GPI policy name in Value) |
Step 2: Create Control Policy for Non-compliant Nodes
Navigate to Policy > Control Policy, click Create, and create a control policy following the order provided in the Control Policy Wizard.
Setting Item | Setting Value | Note |
---|---|---|
Policy Selection | Create New | Select 'Create New' |
Policy Basic Settings > ID | GPI_Cybersecurity Inspection Day_Non-compliance_Isolation Policy | Enter control policy name |
Policy Basic Settings > Description | This policy is to isolate nodes that did not comply with the GPI Cybersecurity Inspection Day regulation policy. | Enter control policy description |
Policy Basic Settings > Order | 2 | Enter control policy order |
Policy Basic Settings > Apply Mode | Enable | Select 'Enable' |
Assign Node Group | GPI_Cybersecurity Inspection Day_Non-compliant Group | Select the group created in Step 1 |
Assign Permission | PERM-DNS | Select PERM-DNS for isolation |
Control Option Settings > User Message | | Enter message to be displayed on the CWP page |
Control Action | | Assign control action |
Note
- User Message is left blank to avoid duplication from Step 1.
- Only isolation is performed in this guide, so Control Action is left blank.
Step 3: Create Node Group for isolation of GPI check scores below 70
Go to Policy > Group > Node and create a node group as follows:
Setting Item | Setting Value | Note |
---|---|---|
Basic Info > ID | GPI_Cybersecurity Inspection Day_Under 70 Group | Enter node group name |
Basic Info > Description | Group under 70 points for the GPI Cybersecurity Inspection Day regulation policy | Enter node group description |
Basic Info > CWP Message | Your PC has been blocked from the network because the security score is below 70. To regain access, please take appropriate action on your PC and perform a status recheck. | Message to be displayed on the CWP page |
Basic Info > Apply Mode | Enable | Select 'Enable' |
Basic Info > Audit Log | Off | Choose between On or Off |
Group Condition > Condition Operation | AND | Select between AND or OR |
Group Condition > Condition Setting | Item: Node Type / Condition: If detected node type equals / Value: PC | Add Node Type condition |
Group Condition > Condition Setting | Item: GPI Score / Condition: If score is less than (Score, GPI Policy) / Value: 70, Cybersecurity Inspection Day | Add GPI Score condition. (In 'Value', enter score and GPI policy name. Entering 70 means the condition applies to scores below 70.) |
Step 4: Create Control Policy to isolate groups with a GPI check score of less than 70 points
Go to Policy > Control Policy, click Create, and follow the order provided in the Control Policy Wizard.
Setting Item | Setting Value | Note |
---|---|---|
Policy Selection | Create New | Select 'Create New' |
Policy Basic Settings > ID | GPI_Cybersecurity Inspection Day_Under 70_Isolation Policy | Enter control policy name |
Policy Basic Settings > Description | This policy is to isolate nodes with a score below 70 for the GPI Cybersecurity Inspection Day regulation policy. | Enter control policy description |
Policy Basic Settings > Order | 3 | Enter control policy order |
Policy Basic Settings > Apply Mode | Enable | Select 'Enable' |
Assign Node Group | GPI_Cybersecurity Inspection Day_Under 70 Group | Select the group created in Step 3 |
Assign Permission | PERM-DNS | Select PERM-DNS for isolation |
Control Option Settings > User Message | | Enter message to be displayed on the CWP page |
Control Action | | Assign control action |
Note
User Message is omitted to prevent duplication with Step 3.
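The matching logic configured in Steps 1 to 4, as an added Python model (not Genian NAC code and not part of the original guide). It assumes control policies are evaluated in ascending Order with the first match applied, and reads "no regulation policy exists" as "no score reported for that GPI policy"; the sample nodes other than 192.168.100.40 are constructed.

```python
# Added illustrative model; not Genian NAC code. Assumes control policies are
# evaluated in ascending Order and the first matching policy applies.
from dataclasses import dataclass
from typing import Optional

GPI_POLICY = "Cybersecurity Inspection Day"
THRESHOLD = 70  # Step 3: "less than 70", so a score of exactly 70 is not matched


@dataclass
class Node:
    ip: str
    node_type: str
    gpi_scores: dict  # GPI policy name -> score; empty if GPI never reported


def in_noncompliant_group(n: Node) -> bool:
    # Step 1 group: Node Type == PC AND no score for the regulation policy
    return n.node_type == "PC" and GPI_POLICY not in n.gpi_scores


def in_under70_group(n: Node) -> bool:
    # Step 3 group: Node Type == PC AND score for the policy < 70
    score = n.gpi_scores.get(GPI_POLICY)
    return n.node_type == "PC" and score is not None and score < THRESHOLD


# (Order, control policy ID, group predicate, permission) from Steps 2 and 4
CONTROL_POLICIES = [
    (3, "GPI_Cybersecurity Inspection Day_Under 70_Isolation Policy", in_under70_group, "PERM-DNS"),
    (2, "GPI_Cybersecurity Inspection Day_Non-compliance_Isolation Policy", in_noncompliant_group, "PERM-DNS"),
]


def evaluate(n: Node) -> Optional[tuple]:
    """Return (policy ID, permission) of the first match by Order, else None."""
    for _, policy_id, matches, perm in sorted(CONTROL_POLICIES, key=lambda p: p[0]):
        if matches(n):
            return policy_id, perm
    return None  # no GPI policy matched; lower-priority policies would decide


# Constructed sample nodes (only 192.168.100.40 appears in the guide)
SAMPLES = [
    Node("192.168.100.40", "PC", {GPI_POLICY: 65}),   # under 70 -> isolated
    Node("192.168.100.41", "PC", {GPI_POLICY: 70}),   # boundary -> not isolated
    Node("192.168.100.42", "PC", {}),                 # no score -> non-compliant
    Node("192.168.100.43", "Printer", {}),            # not a PC -> untouched
]

if __name__ == "__main__":
    for node in SAMPLES:
        print(node.ip, evaluate(node))
```

The boundary and no-score cases are the ones worth reproducing on a real node during the verification test, since a PC scoring exactly 70 or a non-PC node type is not covered by either group.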
Verification Test
Step 1: Run GPI Scan on PC (192.168.100.40)
- Open Genian GPI from the tray menu
- Click Start Inspection
- Confirm score is below 70
Step 2: Check Score in GPI Web Console
- Navigate to Security Inspection > Results by User (Monthly)
- Verify score < 70 for 192.168.100.40
Step 3: Check Event in NAC Audit Logs
- Go to Audit > Logs
- Verify event: GPI Score Added
Step 4: Check NAC Policy Assignment
- Go to Policy > Control Policy
- Confirm assignment of GPI_CyberInspection_ScoreBelow70_Isolation
Step 5: Attempt Network Access
- Network is blocked
- Message shown: Your PC scored below 70 and is blocked. Please take corrective action and re-scan to restore access.