Technical Note: Hosts Can Access the Internet from Registration / Isolation Network
Description
Solution
Hosts Can Access the Internet from Registration / Isolation Network
Solution
Issue:
Hosts with static DNS settings configured may be able to access the internet from the Registration / Isolation networks. Static DNS settings are configured in the IPv4 Properties of the adapter. Network Sentry isolates hosts by using DNS redirection so a static DNS setting on the end station may appear to circumvent this isolation.Solution:
Configure the Registration / Isolation network ACLs to only allow port 53 traffic (DNS) to Network Sentry's Ethernet 1 ip address (Registration / Isolation).