Inline is the most basic Novell ZENworks Network Access Control installation. When deployed inline, Novell ZENworks Network Access Control monitors and enforces all endpoint traffic. Using a built-in firewall (iptables), it allows or blocks endpoints' access to the network based on their Internet Protocol (IP) address.
When Novell ZENworks Network Access Control is installed in a single-server installation, Novell ZENworks Network Access Control becomes a Layer 2 bridge that requires no changes to the network configuration settings.
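The per-IP allow/block enforcement described above can be pictured as an iptables ruleset on a bridging host. The sketch below is an added example, not the product's own ruleset: the chain name `NAC_ENDPOINTS`, the `allow`/`block` states and the sample addresses are assumptions made for illustration. On a Linux bridge, iptables sees bridged frames only when the `br_netfilter` module is loaded and `net.bridge.bridge-nf-call-iptables=1`.

```shell
#!/bin/sh
# Added illustration: render an iptables-restore ruleset that allows or blocks
# bridged endpoints by IP address. Chain name, states and addresses are
# constructed for this example; this is not the product's actual ruleset.

# Accept only dotted-quad IPv4 (four octets, 0-255, no leading zeros) so a
# malformed entry can never end up as text inside a rule.
valid_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in 0?*|????*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
}

# Reads "IP STATE" lines (STATE = allow | block) on stdin and writes the
# ruleset to stdout. Bad addresses and unknown states are skipped and reported
# on stderr. Endpoints that are not listed fall through to the FORWARD policy
# (DROP), so the ruleset fails closed.
build_ruleset() {
  printf '%s\n' '*filter' ':FORWARD DROP [0:0]' ':NAC_ENDPOINTS - [0:0]' \
    '-A FORWARD -j NAC_ENDPOINTS' \
    '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  while read -r ip state; do
    case $ip in ''|'#'*) continue ;; esac
    if ! valid_ipv4 "$ip"; then echo "skip: bad address '$ip'" >&2; continue; fi
    case $state in
      allow) printf '%s\n' "-A NAC_ENDPOINTS -s $ip/32 -j ACCEPT" ;;
      # Blocked endpoints are dropped in both directions, ahead of the
      # conntrack rule, so flows that are already established stop as well.
      block) printf '%s\n' "-A NAC_ENDPOINTS -s $ip/32 -j DROP" \
                           "-A NAC_ENDPOINTS -d $ip/32 -j DROP" ;;
      *) echo "skip: unknown state '$state' for $ip" >&2 ;;
    esac
  done
  printf '%s\n' 'COMMIT'
}

# Constructed sample input: one allowed, one blocked, one malformed entry.
sample_endpoints() {
  printf '%s\n' '10.1.20.15 allow' '10.1.20.99 block' '10.1.20.300 allow'
}

# Print the ruleset; to check syntax without applying it, pipe the output
# to: iptables-restore --test
sample_endpoints | build_ruleset
```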
When Novell ZENworks Network Access Control is installed inline in a multiple-server configuration, as shown in Figure 9-1, the multiple ESs form a Layer 2 bridge that spans two switches, resulting in a network loop. This is an undesirable situation. To prevent it, you may have to configure the switch that connects the Novell ZENworks Network Access Control ESs to use Spanning Tree Protocol (STP), if STP is not already configured. STP automatically detects the loop and closes one of the offending ports on the switch, based on the switch configuration. If an ES becomes unavailable, the switch automatically reconnects the previously closed port so that there is always a path from the VPN to an ES.
See the Novell ZENworks Network Access Control Installation Guide for more information on installing Novell ZENworks Network Access Control in inline mode.
Figure 9-1 Inline Installations
HINT: You can install Novell ZENworks Network Access Control at any “choke point” in your network; a VPN is not required.