I’ve been testing the NAC locally and although I can deny access to the internet, the devices still have access to the local servers/archives/etc… which is something I want to avoid. Any tips on how to make it work?
The ideal way to accomplish this involves defining Permission settings for the Enforcement Policy.
Each enforcement policy has a set of permissions for which network objects the nodes can connect with, as well as when, and which services may be used. These conditions that make up a permission set are the network, time and service objects. Create a new network object defining which IP addresses or range of addresses you want the blocked nodes to be able to connect to. All other connections will be denied by default.
I hope this helps,
Let me know if you have more questions!
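
The permission model described in the reply above (network, time and service objects, with everything else denied by default) can be sketched as a small evaluator. This is an added illustration, not part of the reply and not the NAC product's own configuration or API; the class and function names are hypothetical and the addresses are constructed sample values.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Permission:
    """One permission: a network object, a time object and a service object (hypothetical model)."""
    networks: tuple      # CIDR strings the node may connect to
    start: time          # start of the allowed time window (inclusive)
    end: time            # end of the allowed time window (inclusive)
    services: frozenset  # allowed (protocol, port) pairs

    def allows(self, dst, proto, port, now):
        in_net = any(ip_address(dst) in ip_network(n) for n in self.networks)
        if self.start <= self.end:
            in_time = self.start <= now <= self.end
        else:  # window wraps past midnight, e.g. 22:00-06:00
            in_time = now >= self.start or now <= self.end
        return in_net and in_time and (proto, port) in self.services


def decide(permissions, dst, proto, port, now):
    """Allow only if some permission matches on all three objects; otherwise deny by default."""
    return "allow" if any(p.allows(dst, proto, port, now) for p in permissions) else "deny"


# Constructed sample policy for blocked nodes: only one remediation host over HTTPS.
BLOCKED_NODE_POLICY = [
    Permission(("10.0.5.10/32",), time.min, time.max, frozenset({("tcp", 443)})),
]

if __name__ == "__main__":
    # Constructed connection attempts from a blocked node at 14:30.
    attempts = [
        ("10.0.5.10", "tcp", 443),  # remediation host: inside the network object
        ("10.0.1.20", "tcp", 445),  # local file server: no matching permission
        ("8.8.8.8", "udp", 53),     # internet host: no matching permission
    ]
    for dst, proto, port in attempts:
        print(dst, proto, port, decide(BLOCKED_NODE_POLICY, dst, proto, port, time(14, 30)))
```

The local file server is denied for the same reason the internet host is: neither address falls inside the one network object the policy lists.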