Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

IC-4000 resource policies and isg-2000

Kamran_
Contributor
‎02-22-2009 11:35:PM
‎02-22-2009 11:35:PM

IC-4000 resource policies and isg-2000

Hi all

My scenario is One Lan firewall isg-2000, One IC-4000, 4 Zones, Trust (Servers), Untrust(endpoints/clients), DMZ (IC-4000), WAN (other Site)
i m using 802.1x on switches, OAC is installed on every client system, IC-4000 works as Radius. problem is that everything is working fine except Outlook 2003, one more thing every client system is XP SP3 with office 2003. outlook connection is continously drops and restored why..?????
On firewall ANY->ANY policy is configured for all zones.

IP address schemes are different for Trust, Untrust, DMZ and WAN
i have also configured three VLANS on every switch, 1 is Secure, 2 is Remediation, 3 is Quarantine
users with fully compliance are in Secure (1), users with little problem like antivirus not updated or installed are in Remediation(2), users without Computer Certificate are in Quarantine(3).
i also wanna know how can i block remediation Vlan users to restrict access to Trust Zone, resource access policies
also how can i utilize isg-2000 more efficiently in my network.


Thanks / Regards

Raja
0 Kudos
1 REPLY 1
ManojReddy_
Contributor
‎02-24-2009 10:50:PM
‎02-24-2009 10:50:PM

Re: IC-4000 resource policies and isg-2000

Regarding Outlook, try allow all in both directions,enable traffic logging on the policies. start outlook and see traffic log to findout what ports the exchange server and clients use and then remove allow all policy and create a policy allowing only the ports outlook/exchange works on.

you can have following resource access policies on IC for controlling access from remediation and quarantineVLANs:

1) for Secure Role allow all

2) for Quarantine Role Allow access only to servers you want(like AD server or server from where user can get certificate for becoming complied to your certificate policies ..etc)

3) For Remediation Rolle Deny All (or allow only resources you want to allow)

make sure you enabled 'infranet-auth' for policies towars Trust zone. otherwise ISG will not honor the resource access policies you created on IC.

Message Edited by ManojReddy on 02-25-2009 12:33 PM
0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.