HP BladeSystem bc2000 Cisco Network Access Control for HP Thin Clients and CCI - Page 17


We’re finished with both blade and thin client policy settings!

End-Point Configuration

Thin Client Firewall Exceptions

The HP t5720 XPe-based Thin Client is configured by default with the Sygate firewall actively blocking all ports except those required for basic Web browsing and RDP connections. The t5720 thin clients used in this white paper also had firewall port exceptions added for RGS, which accelerates graphics in a manner superior to RDP.

In order to properly communicate with the NAC 800 and allow scans to the t5720, the Sygate firewall must be modified as follows:

Description     IP Address                      Remote Ports   Local Ports   Incoming/Outgoing
Allow NAC UDP   10.6.6.2, 10.3.3.3, 10.4.4.4    8905,8906                    Both
Allow NAC TCP   10.6.6.2, 10.3.3.3, 10.4.4.4                   443           Both

Set this firewall configuration as follows:

1. Reboot the HP t5720 thin client and log on using an account with administrator privileges. This ensures that the thin client is in a known, clean OS state.
2. In the System Tray, right-click the Sygate icon.
3. Select Advanced Rules.