Installation planning for a Gateway Enforcer appliance

Article:HOWTO55537  |  Created: 2011-06-29  |  Updated: 2011-11-17  |  Article URL http://www.symantec.com/docs/HOWTO55537
Article Type
How To


Subject


Installation planning for a Gateway Enforcer appliance

A Gateway Enforcer appliance is generally used inline as a secure policy-enforcing bridge to protect a corporate network from external intruders. Before you install a Gateway Enforcer appliance, you need to think about locating it appropriately on the network. Gateway Enforcer appliances can be placed throughout the enterprise to ensure that all endpoints comply with the security policy.

Another use of the Gateway Enforcer appliance is hosting on-demand clients for guest-users. These clients are provided with temporary access to the Enforcer, have their security credentials verified, and are then permitted onto the network.

See About the Symantec Network Access Control On-Demand Clients.

The Gateway Enforcer in this case is not passing packets through, but rather serving as a host. This capability is not often used, and is thus done from the command line of the Enforcer.

configure > advanced > guest-enf enable

See About the Enforcer appliance CLI command hierarchy.

Note:

If you are upgrading from Symantec Sygate Endpoint Protection 5.1 clients, you must upgrade Symantec Endpoint Protection Manager first, then your Enforcers, then your clients, moving them to version 12.1 first. Once you have Symantec Endpoint Protection Manager and your Enforcers at version 11.x, you must check Allow Legacy Clients on the Enforcer menu, if you have clients older than 11.x, before you take the final step. Then finish the upgrade to the current release.

Gateway Enforcer appliances typically are in use in the following network locations:

  • VPN

  • Wireless access point (WAP)

  • Dial-up (Remote access server [RAS])

  • Ethernet (local area network [LAN]) segments

Several types of planning information can help you implement Gateway Enforcer appliances in a network.


Legacy ID



v12167674_v60734173


Article URL http://www.symantec.com/docs/HOWTO55537


Terms of use for this information are found in Legal Notices