Description
Guest users have access to internal network

Scope
Version: 6.x and Higher

Solution
Version: 6.x and Higher
Issue: A host registered on the guest network can then plug into a switch on the internal network and not be isolated by Network Sentry.
Solution:
1. Create a User/Host Profile that matches the following criteria:
   Location = L2 Wired Switches (assuming this covers all access switches).
   User or host Security Access Value = Guest role value
2. Create a Network Access Configuration for the Dead End or Guest VLAN.
3. Create a Network Access Policy using the User/Host Profile and Configuration.
4. Set the new policy's rank to 1 (top of the list).
5. Place the ports in a group and add the group to Role Based Access (if not already done).
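
Why the rank in step 4 matters, as an added example that is not Network Sentry code and not part of the original article: a small Python model that assumes policies are evaluated in rank order and the first matching User/Host Profile decides the VLAN. The policy names, VLAN labels and host records are constructed for illustration.

```python
# Added illustration: a toy model of rank-ordered, first-match policy
# evaluation. It is not Network Sentry code; all names are hypothetical.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Profile:
    """User/Host Profile; a field left as None matches any value."""
    location: Optional[str] = None   # port group the host is connected to
    role: Optional[str] = None       # user or host Security Access Value

    def matches(self, host: dict) -> bool:
        return all(
            want is None or host.get(key) == want
            for key, want in (("location", self.location), ("role", self.role))
        )

@dataclass(frozen=True)
class Policy:
    name: str
    profile: Profile
    vlan: str    # VLAN assigned by the policy's Network Access Configuration

def evaluate(policies: list, host: dict) -> Optional[str]:
    """Return the VLAN of the first policy, in rank order, whose profile matches."""
    for policy in policies:          # index 0 is rank 1
        if policy.profile.matches(host):
            return policy.vlan
    return None                      # no policy matched

# Constructed sample data (assumed, not from the article)
WIRED = "L2 Wired Switches"
guest_policy = Policy("Guest on wired", Profile(location=WIRED, role="Guest"), "DEAD_END")
wired_policy = Policy("Wired default", Profile(location=WIRED), "INTERNAL")
guest_host = {"location": WIRED, "role": "Guest"}
staff_host = {"location": WIRED, "role": "Staff"}

def demo() -> dict:
    misranked = [wired_policy, guest_policy]   # broad policy outranks the guest policy
    corrected = [guest_policy, wired_policy]   # guest policy at rank 1 (step 4)
    return {
        "guest_misranked": evaluate(misranked, guest_host),
        "guest_corrected": evaluate(corrected, guest_host),
        "staff_corrected": evaluate(corrected, staff_host),
    }

if __name__ == "__main__":
    for case, vlan in demo().items():
        print(f"{case}: {vlan}")
```

In this model the guest host lands on the internal VLAN whenever a broader wired policy outranks the guest policy, while other hosts are unaffected once the guest policy is at rank 1.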