Internet access from untrusted vlan?

Robert Slusar
Level 1

We are running NAC 4.7.2 in an OOB VGW configuration.

Let's say the mapping is from untrusted vlan 630 to trusted vlan 30 and that I have a device that has failed its posture check and needs to remediate to an external website. (The device that has failed stays in vlan 630 and has the same IP address it would use when it is moved into vlan 30.)

I would like to leave the device in vlan 630 but need to give it access to the Internet. Am I correct in that I should be able to do this using the proper filter?

If not, what is the correct way to approach this scenario?

Thanks!

Bob   

1 Reply

Faisal Sehbai
Level 7

Bob,

That is correct. In this scenario, the traffic policies of the Temporary Role would apply, and whatever sites/IPs you allow in that role, the client would be able to get to those.

HTH,

Faisal
