Configuring peer-to-peer authentication
|Article:HOWTO80751|||||Created: 2012-10-24|||||Updated: 2013-10-07|||||Article URL http://www.symantec.com/docs/HOWTO80751|
You can use peer-to-peer authentication to allow a remote client computer (peer) to connect to another client computer (authenticator) within the same corporate network. The authenticator temporarily blocks inbound TCP and UDP traffic from the remote computer until the remote computer passes the Host Integrity check.
You must have Symantec Network Access Control is installed and licensed to view this option.
The Host Integrity check verifies the following characteristics of the remote computer:
The remote computer has both Symantec Endpoint Protection and Symantec Network Access Control installed.
The remote computer meets the Host Integrity policy requirements.
If the remote computer passes the Host Integrity check, the authenticator allows the remote computer to connect to it.
If the remote computer fails the Host Integrity check, the authenticator continues to block the remote computer. You can specify how long the remote computer is blocked before it can try to connect to the authenticator again. You can also specify certain remote computers to always be allowed, even if they will not pass the Host Integrity check. If you do not enable a Host Integrity policy for the remote computer, the remote computer passes the Host Integrity check.
Peer-to-peer authentication information appears in the Compliance Enforcer Client log and in the Network Threat Protection Traffic log.
Peer-to-peer authentication works in server control and mixed control, but not in client control.
Do not enable peer-to-peer authentication for the clients that are installed on the same computer as the management server. Otherwise, the management server cannot download policies to the remote computer if the remote computer fails the Host Integrity check.
To configure peer-to-peer authentication
In the console, open a Firewall policy.
In the Firewall Policy page, click Peer-to-Peer Authentication Settings.
On the Peer-to-Peer Authentication Settings pane, check Enable peer-to-peer authentication.
Configure each of the values that is listed on the page.
For more information about these options, click Help.
To allow remote computers to connect to the client computer without being authenticated, check Exclude hosts from authentication, and then click Excluded Hosts.
The client computer allows traffic to the computers that are listed in the Host list.
In the Excluded Hosts dialog box, click Add to add the remote computers that do not have to be authenticated.
In the Host dialog box, define the host by IP address, IP range, or the subnet, and then click OK.
In the Excluded Hosts dialog box, click OK.
When you are done with the configuration of this policy, click OK.
If you are prompted, assign the policy to a location.
See Editing a policy.
Article URL http://www.symantec.com/docs/HOWTO80751