====== Network Access Control ( NAC ) Requirements for access to Duke Health Networks ======

Duke has rolled out specific security requirements for access to the DHE networks.  If you use VPN on a personal machine and need to connect to DHE servers ( ie: munin, cluster, etc ) then you are expected to meet specific requirements.

1) Device registered with NAC : [[https://dukereg.duke.edu/|NAC Registration]]\\
2) Have the NAC agent installed on your local computer\\
3) Have an approved anti-virus software ( crowdstrike is preferred ) \\
4) Have an approved operating system version\\  

You can read more about NAC here : [[https://nac.dhts.duke.edu/network-access-control-nac]]


====== Steps to get registered ======


1) Download and install the FortiNAC Agent
^ Windows ^ OSX ^ Linux ^
|[[https://shadow.biac.duke.edu/Network_Requirements/NAC%20Agent/Windows/|FortiNAC.exe]]|[[https://shadow.biac.duke.edu/Network_Requirements/NAC%20Agent/OSX/FortiNAC%20Persistent%20Agent.dmg|FortiNAC.dmg]]| [[https://shadow.biac.duke.edu/Network_Requirements/NAC%20Agent/Linux/ | RHEL of Debian ]]|

2) Find your WiFi Mac Address
 - Mac : System Preferences -> Network -> Wi-Fi -> Advanced Button -> Hardware Tab
 - Windows : Control Panel > Network and Internet > Network and Sharing Center -> Network Connection -> Click Details -> Physical Address 

3) Register your device at : [[https://dukereg.duke.edu/|NAC Registration]]

4) Install an approved anti-virus software:
^ Microsoft Windows ^ Mac OSX ^
|[[https://www.avast.com/en-us/free-antivirus-download|Avast]]|[[https://www.avast.com/en-us/free-mac-security|Avast]]|
|Microsoft Windows Defender, built in Windows 10|[[https://www.bitdefender.com|Bitdefender]]|
|[[https://www.avg.com/en-us/free-antivirus-download|AVG-2019 free]]|


5) Approved Operating System versions:

^ Microsoft Windows     ^ Mac OSX ^
| Windows 8    | 11.0-Big Sur|
| Windows 10   | 12.0-Monterey|


==== Verify ====

Connect to VPN, then open a browser and go to a Duke Site to verify.\\

Note that sometimes it takes a few seconds between launching the VPN and NAC verification, so if you try to immediately connect to a DHE server you may still be in a remediation network zone.  Give it a few more seconds, or potentially reconnect to VPN if needed.



====== NAC on the DH1 wireless network ======

While on campus all NAC requirements above must be met to join the secured DH1 wireless network, which replaces clubs:\\
 * [[https://nac.dhts.duke.edu/nac-dh1-wireless| NAC DH1 wireless]]\\
 * please follow instructions for user-managed devices\\