Fine Tuuning Network Quarantine

MarkGenova

Hi guys,

i still have an issue with the network quarantine, in my case i need to permit access to a private laboratory network in case the definitions is not updated.

The network is 169.254.0.0/16.

 

I have changed the Internet shield 8 settings of the client editing under rule --> security level --> network quarantine and addind at the top the spcific rule Allow --> all IP trafic <-> 169254.0.0/16

 

Seems that the client when the definition are not updated still continue to block the network.

Anyone could help me?

Thanks

 

MJ-perComp

THAT is a very weird setup.

If a system gets an address 169.254.x.x it means it has no connectivity to DHCP or no connectivity at all.
But the "Quarantine" ruleset will always allow the system to obain a DHCP-address, regardless of it's protection status. Addresses in that range are not routable, must not be forwarded and are prone to address collision (see: https://tools.ietf.org/html/rfc3927)

 

So what is your idea of allowing that range? Any such implementation should not be needed.

 

As the rule you created looks fine,did it really arrive at the host? is it active?