Understanding Access Control Policy¶
Genian NAC uses 3 main policies to control network access, IP/MAC Policy, Node Policy, and Enforcement Policy.
IP and MAC features allow an administrator to manually or automatically control a devices IP address, and to allow / deny network access based off of IP or MAC address.
To use these features in Genian NAC, you must configure the network sensor(s) in enforcement mode and enable an IP/MAC policy. This section will explain how to enable IPAM policy, enforce Conflict/Change Prevention, and set up time allowances for IP/MAC addresses.
Node Policies are mainly used for collecting information from Nodes, and managing their network presence while they are in a compliant state. Node Policies allow you to establish Authentication Policies based on User, Node, and Authentication method, as well as to define the standard operation of the endpoint agent and more.
To configure a Node Policy, create or use existing Node Groups (Managing Node Groups)
Next, navigate to Policy > Node Policy and select Tasks > create.
Follow the Policy creation prompts to apply the policy to groups and configure options.
While Node Policies are mainly used for collecting information from Nodes, Enforcement Policies are typically used to block the endpoint from accessing the network and potentially take additional action. This additional action may involve redirection to a Captive Web Portal for compliance instructions, or control of the endpoint through an agent.
Once Node Groups are created, (Managing Node Groups) controls can be defined by creating Enforcement Policies. These policies can then be applied to the Node Group to enforce those conditions upon the Nodes within the Group.