Checking the policy serial number on a client

Article:HOWTO55604  |  Created: 2011-06-29  |  Updated: 2011-11-17  |  Article URL http://www.symantec.com/docs/HOWTO55604
Article Type
How To



The Symantec Endpoint Protection Manager updates a client's policy serial number every time that the client's security policy changes. When a client connects to the Symantec Endpoint Protection Manager, it receives the latest security policies and the latest policy serial number.

When a client tries to connect to the network through the Gateway Enforcer appliance, the appliance does the following:

  • Retrieves the policy serial number from the Symantec Endpoint Protection Manager.

  • Compares the policy serial number with the one that it receives from the client.

  • If the policy serial numbers match, the Gateway Enforcer appliance has validated that the client is running an up-to-date security policy.

This setting is not enabled by default.

The following guidelines apply:

  • If the Check the Policy Serial Number on Client before allowing Client into network option is checked, a client must have the latest security policy before it can connect to the network through the Gateway Enforcer appliance. If the client does not have the latest security policy, the client is notified to download the latest policy. The Gateway Enforcer appliance then forwards its Gateway request to receive a quarantine network configuration.

  • If the Check the Policy Serial Number on Client before allowing Client into network option is not checked and the Host Integrity check is successful, a client can connect to the network. The client can connect through the Gateway Enforcer appliance even if its security policy is not up-to-date.

See About authentication settings on a Gateway appliance.

To have the Gateway Enforcer appliance check the policy serial number on a client

  1. In the Symantec Endpoint Protection Manager Console, click Admin.

  2. In the Admin page, click Servers.

  3. Select and expand the group of Gateway Enforcer appliances.

    The Enforcer group must include the Gateway Enforcer appliance that checks the Policy Serial Number on a client.

  4. In the Settings dialog box, on the Authentication tab, check Check the Policy Serial Number on the Client before allowing a Client into the network.

  5. Click OK.


Legacy ID



v12330051_v60734173

