The TippingPoint NAC solution enables enterprises to enforce device and user policies to ensure endpoint compliance and granular network compliance even after initial network entry. TippingPoint NAC provides multiple enforcement options, including inline enforcement with the TippingPoint NAC Enforcer, and out-of-band options using 802.1x or DHCP, with support for various vendors and network topologies. The integration of device, user and IPS-based traffic classification and enforcement provides much greater control over network access and usage, reducing network vulnerabilities while improving policy and regulatory compliance.
TippingPoint NAC Policy Server
The NAC Policy Server provides centralized policy management as part of the TippingPoint NAC solution, and offers advanced reporting and event correlation. The centralized Web-based console allows network administrators to quickly scan through the entire network, in real-time, viewing the activity and performance of all users, applications, connections and devices. This greatly reduces troubleshooting time and expedites problem resolution. The NAC Policy Server economically scales to accommodate network infrastructure growth of users, groups and applications using a distributed design which includes the NAC Policy Enforcer. Detailed reporting provides metrics like minutes-used, and bandwidth consumed by device, user, group, access point to enable support for multiple service level agreements (SLAs). A single NAC Policy Server can support up to approximately 5,000 users.
TippingPoint NAC Policy Enforcer
The TippingPoint NAC Policy Enforcer is an in-line appliance that provides access control enforcement based on user and device criteria. It allows network administrators to designate access rules based on user identity and device type, rather than traditional port-based segmentation that may only restrict by location. As more mobile devices are introduced to the network, and enterprise employees become more transient, the network perimeter continues to erode. As consultants, contractors and guests are authorized for internal network access, an inline enforcement tool based on identity is necessary to permit only eligible users onto the network with access to only authorized resources. Working in concert with the NAC Policy Server, the NAC Policy Enforcer receives up-to-date policies for any new connection on the network, and receives any changes in a user's authentication state, and time and location-based rules.