What you can do with Symantec Enforcer appliances
|Article:HOWTO55701|||||Created: 2011-06-29|||||Updated: 2011-11-17|||||Article URL http://www.symantec.com/docs/HOWTO55701|
For example, you can install an Enforcer appliance between the network and a VPN server. You can also set up enforcement on the client computers that connect to the network with an 802.1x-aware switch or a wireless access point.
An Enforcer appliance performs host authentication rather than user-level authentication. It ensures that the client computers that try to connect to an enterprise network comply with the security policy of that enterprise. You can configure specific security policies on the Symantec Endpoint Protection Manager.
If the client does not comply with the security policies, the Enforcer appliance can take the following actions:
The Enforcer appliance can redirect the client to a quarantine area with a remediation server. The client can then obtain the required software, applications, signature files, or patches from the remediation server.
For example, part of a network may already be configured for the clients that connect to the local area network (LAN) through 802.1x-aware switches. If that is the case, you can use a LAN Enforcer appliance for these clients.
If you want to implement high availability for LAN Enforcer appliances, you must install multiple LAN Enforcer appliances and an 802.1x-aware switch. High availability is accomplished through the addition of an 802.1x-aware switch. If you only install multiple LAN Enforcer appliances without an 802.1x-aware switch, then high availability fails. You can configure an 802.1x-aware switch for high availability.
In some network configurations, a client may connect to a network through more than one Enforcer appliance. After the first Enforcer appliance provides authentication to the client, the remaining Enforcer appliances authenticate the client before the client can connect to the network.
Article URL http://www.symantec.com/docs/HOWTO55701