The following Novell ZENworks Network Access Control requests are supported:
TemporarilyAllowAccess — Temporarily allows access to the specified endpoint or endpoints.
TemporarilyDenyAccess — Temporarily denies access to the specified endpoint or endpoints.
ClearTemporaryAccess — Clears temporary states for the specified endpoint or endpoints.
DeviceInfoRequest — Requests the endpoint identification.
PutDeviceInfo — Sets endpoint properties.
The following examples show the supported requests:
------------------------------------------------------------------------
<TemporarilyAllowAccessRequest>
  <requestParameters>
    <entry>
      <string>DURATION</string>
      <int>24</int>
    </entry>
    <entry>
      <string>DEVICE_LIST</string>
      <list>
        <DeviceType>
          <ip>192.168.1.128</ip>
        </DeviceType>
      </list>
    </entry>
  </requestParameters>
</TemporarilyAllowAccessRequest>

<TemporarilyDenyAccessRequest>
  <requestParameters>
    <entry>
      <string>DURATION</string>
      <int>24</int>
    </entry>
    <entry>
      <string>DEVICE_LIST</string>
      <list>
        <DeviceType>
          <ip>192.168.1.128</ip>
        </DeviceType>
      </list>
    </entry>
  </requestParameters>
</TemporarilyDenyAccessRequest>

<ClearTemporaryAccessRequest>
  <requestParameters>
    <entry>
      <string>DEVICE_LIST</string>
      <list>
        <DeviceType>
          <ip>192.168.1.128</ip>
        </DeviceType>
      </list>
    </entry>
  </requestParameters>
</ClearTemporaryAccessRequest>

<DeviceInfoRequest>
  <requestParameters>
    <entry>
      <string>DEVICE_LIST</string>
      <list>
        <DeviceType>
          <ip>192.168.1.128</ip>
        </DeviceType>
      </list>
    </entry>
  </requestParameters>
</DeviceInfoRequest>

<PutDeviceInfoRequest>
  <requestParameters>
    <entry>
      <string>DEVICE_LIST</string>
      <list>
        <DeviceType>
          <ip>192.168.1.128</ip>
          <otherDeviceProperties>
            <entry>
              <string>key1</string>
              <string>value1</string>
            </entry>
            <entry>
              <string>key2</string>
              <string>value2</string>
            </entry>
          </otherDeviceProperties>
        </DeviceType>
      </list>
    </entry>
  </requestParameters>
</PutDeviceInfoRequest>
------------------------------------------------------------------------
The DeviceInfoRequest command replies with output that includes a special NacResponse XML file as shown below:
------------------------------------------------------------------------
<NacResponse>
  <resultStatus>true</resultStatus>
  <response class="DeviceList">
    <devices>
      <DeviceInfo>
        <uniqueId>00:0C:29:5D:30:B5</uniqueId>
        <ip>192.168.1.128</ip>
        <mac>00:0C:29:5D:30:B5</mac>
        <netbiosName>WINXPPROVM</netbiosName>
        <domainFromNMB>WORKGROUP</domainFromNMB>
        <credentialsEnabled>false</credentialsEnabled>
        <os>Windows</os>
        <osDetails>XP SP1+, 2000 SP3</osDetails>
        <policyId>LowSecurity</policyId>
        <lastTestTime>0</lastTestTime>
        <lastTestStatusId>AWAITING_TEST_INITIATION</lastTestStatusId>
        <gracePeriod>0</gracePeriod>
        <gracePeriodStart>0</gracePeriodStart>
        <createTime>1186594414243</createTime>
        <lastActivityTime>1186603364486</lastActivityTime>
        <lastConnectTime>1186594301738</lastConnectTime>
        <lastDisconnectTime>0</lastDisconnectTime>
        <postureToken>unknown</postureToken>
        <nodeId>158251f6-2ce8-4d34-b9e8-d724c175d34a</nodeId>
        <clusterId>4e193379-a492-4fd8-a31c-37e722b14449</clusterId>
        <accessStatusId>QUARANTINED_BY_POLICY</accessStatusId>
        <nextTestTime>1186597121116</nextTestTime>
        <nadPort/>
        <nadPortId/>
        <nadIP/>
        <nadUser/>
        <sessionAccess>-1</sessionAccess>
        <sessionAccessEnd>0</sessionAccessEnd>
        <otherDeviceProperties>
          <entry>
            <string>key1</string>
            <string>value1</string>
          </entry>
          <entry>
            <string>OS</string>
            <string>Windows XP SP1+, 2000 SP3</string>
          </entry>
          <entry>
            <string>key2</string>
            <string>value2</string>
          </entry>
        </otherDeviceProperties>
        <lastUpdateTime>1186603474724</lastUpdateTime>
        <testingMethod>NONE</testingMethod>
        <expectingIpTransitionStartTime>-1</expectingIpTransitionStartTime>
        <expectingIpTransitionEndTime>-1</expectingIpTransitionEndTime>
        <expectingIpTransition>false</expectingIpTransition>
        <lastFetchUniqueIdTime>0</lastFetchUniqueIdTime>
        <lastResolveTime>0</lastResolveTime>
        <requireRetest>true</requireRetest>
      </DeviceInfo>
    </devices>
  </response>
  <ip>192.168.1.12</ip>
  <id>MNM</id>
  <originalTimeStamp>1186603494295</originalTimeStamp>
</NacResponse>
------------------------------------------------------------------------
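A parser for the NacResponse format shown above, as an added example that is not part of the product or its documentation. It assumes the time fields are epoch milliseconds and that any resultStatus other than "true" means failure; neither is stated on this page, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample: a trimmed copy of the NacResponse shown above.
SAMPLE = """<NacResponse><resultStatus>true</resultStatus>
<response class="DeviceList"><devices><DeviceInfo>
  <ip>192.168.1.128</ip><mac>00:0C:29:5D:30:B5</mac>
  <policyId>LowSecurity</policyId><lastTestTime>0</lastTestTime>
  <lastActivityTime>1186603364486</lastActivityTime>
  <accessStatusId>QUARANTINED_BY_POLICY</accessStatusId>
  <otherDeviceProperties>
    <entry><string>key1</string><string>value1</string></entry>
    <entry><string>OS</string><string>Windows XP SP1+, 2000 SP3</string></entry>
  </otherDeviceProperties>
</DeviceInfo></devices></response>
<ip>192.168.1.12</ip></NacResponse>"""

def _ms_to_utc(text):
    """Assumption: time fields are epoch milliseconds; 0 and -1 mean 'unset'."""
    ms = int(text or 0)
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc) if ms > 0 else None

def parse_nac_response(xml_text):
    """Return one dict per <DeviceInfo>; raise ValueError on a failed request."""
    root = ET.fromstring(xml_text)
    if root.tag != "NacResponse":
        raise ValueError("not a NacResponse document")
    # Assumption: anything other than 'true' is treated as a failure.
    if root.findtext("resultStatus") != "true":
        raise ValueError("resultStatus is not 'true'")
    devices = []
    for dev in root.iterfind("./response/devices/DeviceInfo"):
        props = {}
        for entry in dev.iterfind("./otherDeviceProperties/entry"):
            pair = [s.text or "" for s in entry.findall("string")]
            if len(pair) == 2:  # each entry is a key string then a value string
                props[pair[0]] = pair[1]
        devices.append({
            "ip": dev.findtext("ip"),  # the endpoint, not the top-level <ip>
            "mac": dev.findtext("mac"),
            "policy": dev.findtext("policyId"),
            "access_status": dev.findtext("accessStatusId"),
            "last_activity": _ms_to_utc(dev.findtext("lastActivityTime")),
            "last_test": _ms_to_utc(dev.findtext("lastTestTime")),
            "properties": props,
        })
    return devices
```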
The following example shows the additional fields necessary to change a TemporarilyDenyAccess request to a post-connect request: the EXTERNAL_QUARANTINE_PRODUCT_ID, EXTERNAL_QUARANTINE_INSTANCE_NAME, and EXTERNAL_QUARANTINE_REASONS entries.
------------------------------------------------------------------------
<TemporarilyDenyAccessRequest>
  <requestParameters>
    <entry>
      <string>DURATION</string>
      <int>10</int>
    </entry>
    <entry>
      <string>EXTERNAL_QUARANTINE_PRODUCT_ID</string>
      <string>StrataGuard</string>
    </entry>
    <entry>
      <string>EXTERNAL_QUARANTINE_INSTANCE_NAME</string>
      <string>Warehouse Monitor</string>
    </entry>
    <entry>
      <string>EXTERNAL_QUARANTINE_REASONS</string>
      <list>
        <string>WEB-CLIENT Microsoft ANI file parsing overflow</string>
        <string>DOS Ipswitch WS_FTP log server long unicode string</string>
      </list>
    </entry>
    <entry>
      <string>DEVICE_LIST</string>
      <list>
        <DeviceType>
          <ip>10.1.102.2</ip>
        </DeviceType>
      </list>
    </entry>
  </requestParameters>
</TemporarilyDenyAccessRequest>
------------------------------------------------------------------------
NOTE: The EXTERNAL_QUARANTINE_PRODUCT_ID entry in the previous post-connect example is configured in the connector.properties file. See Section 3.14.7, Adding Post-connect System Logos and Icons for more information.
Novell ZENworks Network Access Control ships with a sample shell script that invokes Java code that can be used to send JMS requests. Invoke the program by entering the following command:
sendRequest.sh [-u broker URL] [-t topicName] [-l login -p password] -f <request.xml>
Where:
broker URL — The URL of the JMS message bus. If not specified, it defaults to tcp://localhost:61616.
topicName — The topic on which events are published. By default, all Novell ZENworks Network Access Control events are published on the topic nac.events.
login and password — Not set by default.
-f <request.xml> — An XML file that contains requests as shown in Section 12.5.1, Examples of Requests.