Configuring peer-to-peer authentication for Host Integrity enforcement
|Article:HOWTO80751|||||Created: 2012-10-24|||||Updated: 2014-09-21|||||Article URL http://www.symantec.com/docs/HOWTO80751|
You can use peer-to-peer authentication to allow a remote client computer (peer) to connect to another client computer (authenticator) within the same corporate network. The authenticator temporarily blocks inbound TCP and UDP traffic from the remote computer until the remote computer passes the Host Integrity check. You can use this enforcement technique when the remote computer is physically remote. The technique leverages advanced capabilities of the Symantec Endpoint Protection firewall to enhance access to shared files.
The Host Integrity check verifies the following characteristics of the remote computer:
The remote computer has Symantec Endpoint Protection installed.
The remote computer passed the Host Integrity check.
If the remote computer passes the Host Integrity check, the authenticator allows inbound connections from the remote computer.
If the remote computer fails the Host Integrity check, the authenticator continues to block the remote computer. You can specify how long the remote computer is blocked before it can try to connect to the authenticator again. You can also specify certain remote computers to always be allowed, even if they do not pass the Host Integrity check. If you do not enable a Host Integrity policy for the remote computer, the remote computer passes the Host Integrity check.
Peer-to-peer authentication information appears in the Network Threat Protection Traffic log.
Peer-to-peer authentication works in server control and mixed control, but not in client control.
To configure peer-to-peer authentication for Host Integrity enforcement
In the console, open a Firewall policy.
On the Firewall policy page, click Peer-to-Peer Authentication Settings.
On the Peer-to-Peer Authentication Settings page, check Enable peer-to-peer authentication.
Configure each value that is listed on the page.
For more information about these options, click Help.
To allow remote computers to connect to the client computer without being authenticated, check Exclude hosts from authentication, and then click Excluded Hosts.
The client computer allows traffic to the computers that are listed in the Host list.
In the Excluded Hosts dialog box, click Add to add the remote computers that do not have to be authenticated.
In the Host dialog box, define the host by IP address, IP range, or the subnet, and then click OK.
In the Excluded Hosts dialog box, click OK.
If you are prompted, assign the policy to a group.
Article URL http://www.symantec.com/docs/HOWTO80751