132Chapter 4 Configuring the domain

Configuring the TunnelGuard check using the CLI

Before an authenticated client is allowed into the network, the TunnelGuard application checks client host integrity by verifying that the components required for the client’s personal firewall (executables, DLLs, configuration files, and so on) are installed and active on the client PC. For more information about how the TunnelGuard check operates in the Nortel SNA solution, see “TunnelGuard host integrity check” on page 37.

If you ran the quick setup wizard during the initial setup or to create the domain, the TunnelGuard check has been configured with default settings and the check result you selected (teardown or restricted). You can rerun the TunnelGuard portion of the quick setup wizard at any time by using the

/cfg/domain #/aaa/tg/quick command (see “Using the quick TunnelGuard setup wizard in the CLI” on page 134).

To configure settings for the TunnelGuard host integrity check and the check result, use the following command:

/cfg/domain #/aaa/tg

The TG menu displays.

The TG menu includes the following options:

/cfg/domain #/aaa/tg followed by:

quick

Launches the quick TunnelGuard setup wizard, in

 

order to configure default TunnelGuard check settings

 

and the check result (see “Using the quick TunnelGuard

 

setup wizard in the CLI” on page 134).

 

 

recheck <interval>

Sets the time interval between SRS rule rechecks

 

made by the TunnelGuard applet on the client machine.

 

interval is an integer that indicates the time

 

interval in seconds (s), minutes (m), or hours (h).

 

The valid range is 60s (1m) to 86400s (24h). The

 

default is 15m (15 minutes).

 

If a recheck fails, the Nortel SNAS 4050 performs the

 

action specified in the action command (see

 

page 133).

 

 

320818-A

Page 131 Page 133
Page 132
Image 132
Nortel Networks 4050 manual Configuring the TunnelGuard check using the CLI, Cfg/domain #/aaa/tg followed by
Page 131 Page 133
Top Page Image Contents