arunaci
 asked on

Blocking non domain computers with Fixed IP

Hi All,

I have implemented NAP using IPsec with HRA and it seems to be working fine for computers failing the health check, for both domain and non-domain computers. But when the computers use a static IP address, the whole thing gets bypassed.

Any ideas with regards to this would be welcome.

regards,

Arun.
Network Security, Internet Protocol Security


8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
loaganathan

arunaci

ASKER
If you deploy IPsec enforcement you will need a certificate infrastructure (a PKI). In this case, non-domain computers will not be given a certificate and computers without certificates can be blocked with IPsec policies.

The other method you can use is 802.1X. You can also use NAP here, but it isn't necessary. Just create a policy that evaluates computers based on domain membership. An 802.1X access request contains the computer's domain, so it isn't necessary here to run the NAP agent.

Shall try this and get back.

Thank you for pointing me in a direction.

Regards,

Arun
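
The IPsec policy described in the comment above, as an added example that is not part of the original thread: a connection security rule on a protected server that accepts only peers presenting a health certificate. The CA distinguished name and the display names are placeholders, and the cmdlets assume a Windows version that ships the NetSecurity module.

```powershell
# Added example: admit only peers that hold a NAP health certificate.
# Placeholder values (not from the thread): CA name and display names.
$caName = 'DC=com, DC=example, CN=Example-NAP-Root-CA'

# Computer authentication proposal: a certificate chaining to the named CA
# that is marked as a health certificate. Non-domain or non-compliant
# computers are never issued one, so they cannot satisfy this proposal.
$proposal = New-NetIPsecAuthProposal -Machine -Cert `
    -Authority $caName -AuthorityType Root -Health

$authSet = New-NetIPsecPhase1AuthSet `
    -DisplayName 'NAP health certificate' `
    -Proposal $proposal

# Require authentication for inbound traffic and request it outbound.
# The rule matches on authentication, not on how the peer obtained its
# address, so a statically addressed computer without a certificate is
# refused as well.
New-NetIPsecRule -DisplayName 'Secure network: require health certificate' `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $authSet.Name

# Check which authentication set the rule ended up with.
Get-NetIPsecRule -DisplayName 'Secure network: require health certificate' |
    Get-NetIPsecPhase1AuthSet
```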