Sophos

Sophos NAC Advanced: how to create an Agent Enforcer access template to access the Internet

This article describes how to create an Agent Enforcer access template that provides access to the Internet while denying access to enterprise resources. Two different templates can be created: one for internal networks that use private IP addresses (using the pre-defined Private/Reserved network resource), and one for internal networks that use public IP addresses (using a network resource you create yourself).

What to do

You can implement Agent quarantine with Internet access for internal networks that use either private or public IP addresses. Private IP addresses are already identified in the Web interface as the Private/Reserved network resource. If your internal network consists of public IP addresses, then you must create a new network resource for public IP addresses.

How to create an Agent Enforcer access template that allows access to the Internet using the pre-defined Private/Reserved network resource:

  1. Create a new Agent Enforcer access template. (For details of how to do this, refer to the online Help.)
  2. Click Select, select the check box beside the Private/Reserved network resource, and click OK.
  3. For the Private/Reserved network resource, click the Access column list box, and select Deny.
  4. For the Any network resource, click the Access column list box, and select Permit.
  5. Ensure that the Private/Reserved network resource is prioritized so that it displays directly above the Any network resource.
  6. Click Save.

How to create an Agent Enforcer access template that allows access to the Internet using public addresses:

  1. Create a new Agent Enforcer access template. (For details of how to do this, refer to the online Help.)
  2. Click Create to create a new network resource that encompasses your internal network using public IP addresses.
  3. Type a name and description for the network resource, ensure that the network resource type is Port/Protocol, and ensure that Any/Any is specified for the port and protocol.
  4. Type the IP address and subnet mask that identifies the network in the appropriate fields, and click Add. Repeat this step as necessary to identify additional networks.
  5. Click Save.
  6. Under Port/Protocol Resources, find the network resource you created, click the Access column list box, and select Deny.
  7. For the Any network resource, click the Access column list box, and select Permit.
  8. Ensure that the new network resource is prioritized so that it displays directly above the Any network resource.
  9. Click Save.
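The ordering requirement in step 5 of the first procedure and step 8 of the second is the part that is easy to get wrong, so here is an added example, written for this page and not part of the Sophos article or the NAC Advanced product, that models both templates as ordered first-match rule lists and shows what happens when the Deny entry is placed below Any. Everything in it is an assumption or a constructed value: the evaluator is assumed to be first-match with an implicit deny, the contents of the Private/Reserved resource are stood in for by the RFC 1918, loopback and link-local ranges, the "internal network on public addresses" is the RFC 5737 documentation range 203.0.113.0/24, and `evaluate`, `resource_from_mask` and `deny_entries_above_any` are hypothetical helper names.

```python
from ipaddress import ip_address, ip_network

# Constructed stand-in for the pre-defined Private/Reserved network resource.
# The article does not list its exact contents; this is an assumption.
PRIVATE_RESERVED = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
    ip_network("127.0.0.0/8"),
    ip_network("169.254.0.0/16"),
]

# The "Any" network resource: matches every IPv4 destination.
ANY = [ip_network("0.0.0.0/0")]


def resource_from_mask(address, subnet_mask):
    """Build a network resource from an IP address and a dotted subnet mask,
    the two fields typed into the network-resource dialog (step 4 of the
    public-address procedure). strict=False tolerates host bits in the address."""
    return ip_network(f"{address}/{subnet_mask}", strict=False)


def evaluate(template, destination):
    """Assumed first-match evaluation: walk the template top to bottom and
    return the action of the first resource containing the destination.
    Nothing matched means the traffic is denied (assumed implicit deny)."""
    dst = ip_address(destination)
    for _name, networks, action in template:
        if any(dst in net for net in networks):
            return action
    return "Deny"


def deny_entries_above_any(template):
    """Check the ordering rule from steps 5 and 8: every Deny entry must sit
    above the Any entry, otherwise Any/Permit matches first and the Deny
    entries are never reached."""
    names = [name for name, _networks, _action in template]
    any_index = names.index("Any")
    return all(
        idx < any_index
        for idx, (_name, _networks, action) in enumerate(template)
        if action == "Deny"
    )


# Template 1: pre-defined Private/Reserved denied, Any permitted (first procedure).
PRIVATE_TEMPLATE = [
    ("Private/Reserved", PRIVATE_RESERVED, "Deny"),
    ("Any", ANY, "Permit"),
]

# Template 2: a self-created resource for an internal network on public
# addresses (constructed example: 203.0.113.0 with mask 255.255.255.0).
INTERNAL_PUBLIC = [resource_from_mask("203.0.113.0", "255.255.255.0")]
PUBLIC_TEMPLATE = [
    ("Internal (public addresses)", INTERNAL_PUBLIC, "Deny"),
    ("Any", ANY, "Permit"),
]

# Misordered variant: Any above the Deny entry, so quarantine never bites.
MISORDERED_TEMPLATE = [
    ("Any", ANY, "Permit"),
    ("Private/Reserved", PRIVATE_RESERVED, "Deny"),
]

# Constructed probe destinations: one private host, one host on the public
# internal range, and one "Internet" host (RFC 5737 TEST-NET-2).
PROBES = ["192.168.1.10", "203.0.113.25", "198.51.100.7"]


def check_template(template):
    """Return {destination: action} for each probe, plus the ordering verdict."""
    results = {dst: evaluate(template, dst) for dst in PROBES}
    results["ordering_ok"] = deny_entries_above_any(template)
    return results


if __name__ == "__main__":
    for label, template in [("private", PRIVATE_TEMPLATE),
                            ("public", PUBLIC_TEMPLATE),
                            ("misordered", MISORDERED_TEMPLATE)]:
        print(label, check_template(template))
```

Running it shows the two templates behaving as the article describes (the quarantined host reaches 198.51.100.7 but not its own internal network) and the misordered list permitting everything, including 192.168.1.10. It also shows why the second procedure exists: the Private/Reserved template permits 203.0.113.25, because a public internal address is not in any private range, so an internal network on public addresses needs its own Deny resource.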

If you need more information or guidance, then please contact technical support.