3.1.3. ON NAC

The OpenNAC Enterprise module named ON NAC mainly manages NAC (Network Access Control), policies (visibility, profiling, access), and its configuration.

../../../_images/onnac_index.png


Before performing any configuration tasks, it is important to understand the terminology related to the OpenNAC Enterprise module and its corresponding concepts, representing levels of configuration and customization:

  • Business Profiles: It allows the creation, review, and search for information over the business profiles (Policy Groups). Business profiles allow grouping policies, tags, or EPT following different criteria, which can be technical or business events.

  • Policies: The main engine of OpenNAC Enterprise, policies allow defining the behavior of OpenNAC, from the control of devices’ access to their visibility.

  • Tag Policies In this section you can generate policies based on tags so that they are assigned dynamically. This provides flexibility to create tags based on logical syntax as AND, OR, NOT.

  • Profiling: It allows defining different parameters to evaluate every single asset discovered by OpenNAC Enterprise. Based on this evaluation OpenNAC inserts a tag on an asset and the user can generate a policy for validating or filtering the assets that match with it. The main objective is the classification by endpoint type (EPT).