19 Barracuda NG Network Access Client - Administrator’s Guide

2.2.2 Remediation Service

2.2.3 Trustzone-Border

2.2.4 802.1X

VPN Remediation Service IPs | Defines where the Access Control Service remediation service module is reachable for VPN clients.
Note: This IP address must not be the same as an IP address already used as an Internal or External Remediation Service IP address.
Example: For internal clients, the Access Control Service listening socket is on 10.0.8.108, and you also want to provide a remediation service for clients that are connected via VPN. Introduce an additional IP address, for example 10.0.8.150, on the Virtual Server layer and insert these two Bind IPs (10.0.8.108 and 10.0.8.150) in the Access Control Service configuration. Now open the Access Control Service settings, scroll down to VPN Remediation Service IPs, and select the IP address 10.0.8.150 from the pull-down menu.
Sync authentication to Trustzone | Using a Barracuda NG Control Center, multiple Access Control Services can reference the same trustzone. Already validated clients can be propagated to all Access Control Services sharing the same trustzone configuration. This also affects gateway firewall authentication. This parameter is only available on a CC.
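The rule from the note above, written as a check that can be run over a list of configured addresses. This is an added example, not part of the guide or of the product: the function name, the finding codes and the input lists are hypothetical, and it assumes that 10.0.8.108 is the internal remediation service IP and that a VPN remediation IP has to be one of the service Bind IPs, as in the guide's example.

```python
import ipaddress


def _parse(values):
    # Normalise textual addresses so " 10.0.8.108" and "10.0.8.108" compare equal.
    return {ipaddress.ip_address(v.strip()) for v in values}


def check_vpn_remediation_ips(bind_ips, internal_ips, external_ips, vpn_ips):
    """Return (ip, problem) tuples; an empty list means the rule holds."""
    bind, internal, external, vpn = (
        _parse(v) for v in (bind_ips, internal_ips, external_ips, vpn_ips)
    )
    findings = []
    for ip in sorted(vpn, key=str):
        if ip in internal:
            # Violates the note: already used as an Internal Remediation Service IP.
            findings.append((str(ip), "reused-internal"))
        if ip in external:
            # Violates the note: already used as an External Remediation Service IP.
            findings.append((str(ip), "reused-external"))
        if ip not in bind:
            # Assumption from the example: the address is picked from the Bind IPs.
            findings.append((str(ip), "not-a-bind-ip"))
    return findings


# Constructed inputs based on the addresses in the guide's example.
BIND = ["10.0.8.108", "10.0.8.150"]
INTERNAL = ["10.0.8.108"]  # assumption: the internal listening socket also serves remediation
EXTERNAL = []              # no external remediation IP in this constructed setup

if __name__ == "__main__":
    cases = [
        ("as in the guide", ["10.0.8.150"]),
        ("internal IP reused", ["10.0.8.108"]),
        ("address not bound", ["10.0.8.151"]),
    ]
    for label, vpn in cases:
        print(label, check_vpn_remediation_ips(BIND, INTERNAL, EXTERNAL, vpn) or "ok")
```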
List 2–7 Access Control Server - Access Control Server Settings - Remediation Server – section General
Parameter | Description
Start Remediation Service | Setting to yes starts the Access Control Server remediation service module.
TLS required | Setting to yes will allow unencrypted downloads from the remediation server. This will increase download speed, but decrease security since personal firewall rule sets are transmitted unencrypted over the network.
List 2–8 Access Control Server - Access Control Server Settings - Trustzone-Border – section General
Parameter | Description
Start Border Health-Validator | Starts the Access Control Service module responsible for trustzone border health state evaluation.
Trustzone Border IP | IP address on which the health validator listens for trustzone border health validations.
Foreign Health Passp. Verification | Add all foreign health passport verification keys whose health passports should be trusted for this border trustzone. The health state of clients with a signed and trusted health passport is revalidated for this trustzone, but their authentication credentials are accepted from the signed cookie.
Allowed Peer Networks | Only peers from the listed networks are allowed to perform trustzone border health validations.
List 2–9 Access Control Server - Access Control Server Settings - 802.1X – section 802.1X
Parameter | Description
Start 802.1X Radius Validator | To use 802.1X port authentication, configure your 802.1X-capable switch to use a RADIUS server with this server's IP address. Then set this parameter to Yes.
Log Authentications | Logs every authentication request, for debugging purposes. (This parameter is only visible in Advanced View mode.)
List 2–6 Access Control Server - Access Control Server Settings - System Health-Validator – section Referrals
Parameter Description