Authentication settings on a Gateway appliance

Article:HOWTO81609  |  Created: 2012-10-25  |  Updated: 2012-10-25  |  Article URL http://www.symantec.com/docs/HOWTO81609
Article Type
How To


You may want to implement a number of authentication settings to further secure the network.

Table: Authentication configuration settings for a Gateway Enforcer appliance provides more information about the options on the Authentication tab.

Table: Authentication configuration settings for a Gateway Enforcer appliance

Option

Description

Maximum number of packets per authentication session

The maximum number of challenge packets that the Gateway Enforcer appliance sends in each authentication session.

The default number is 10 packets. The range is 2 through 100 packets.

See Specifying the maximum number of challenge packets during an authentication session.

Time between packets in authentication session (seconds)

The time in seconds between each challenge packet that the Enforcer sends.

The default value is 3 seconds. The range is 3 through 10 seconds.

See Specifying the frequency of challenge packets to be sent to clients.

Time rejected client will be blocked (seconds)

The amount of time in seconds for which a client is blocked after it fails authentication.

The default setting is 30 seconds. The range is 10 through 300 seconds.

See Specifying the time period for which a client is blocked after it fails authentication.

Time authenticated client will be allowed (seconds)

The amount of time in seconds for which a client is allowed to retain its network connection without reauthentication.

The default setting is 30 seconds. The range is 10 through 300 seconds.

See Specifying the time period for which a client is allowed to retain its network connection without reauthentication.

Allow all clients, but continue to log which clients are not authenticated

If this option is enabled, the Gateway Enforcer appliance authenticates all users by checking that they are running a client. The Gateway Enforcer appliance also checks if the client passed the Host Integrity check. If the client passes the Host Integrity check, the Gateway Enforcer appliance then logs the results. It then forwards the Gateway request to receive a normal rather than a quarantine network configuration, whether the checks pass or fail.

The default setting is not enabled.

See Allowing all clients with continued logging of non-authenticated clients.

Allow all clients with non-Windows operating systems

If this option is enabled, the Gateway Enforcer checks for the operating system of the client. The Gateway Enforcer appliance then allows all clients that do not run the Windows operating systems to receive a normal network configuration without being authenticated. If this option is not enabled, the clients receive a quarantine network configuration.

The default setting is not enabled.

See Allowing non-Windows clients to connect to a network without authentication.

Check the Policy Serial Number on Client before allowing Client into network

If this option is enabled, the Gateway Enforcer appliance verifies that the client has received the latest security policies from the management server. If the policy serial number is not the latest, the Gateway Enforcer notifies the client to update its security policy. The client then forwards the Gateway request to receive a quarantine network configuration.

If this option is not enabled and if the Host Integrity check succeeds, the Gateway Enforcer appliance forwards the Gateway request to receive a normal network configuration. The Gateway Enforcer forwards the request even if the client does not have the latest security policy.

The default setting is not enabled.

See Checking the policy serial number on a client.

Enable pop-up message on client if Client is not running

If this option is enabled, a message appears to users on Windows computers that try to connect to an enterprise network without running a client. The default message is set to display only one time. The message tells the users that they are blocked from accessing the network because a client is not running and tells them to install it. To edit the message or to change how often it is displayed, you can click Message. The maximum message length is 128 characters.

The default setting is enabled.

Note: Pop-up messages do not appear on Mac clients.

See Sending a message from a Gateway Enforcer appliance to a client about non-compliance.

Enable HTTP redirect on client if Client is not running

If this option is enabled, the Gateway Enforcer appliance can redirect clients to a remediation Web site: it redirects HTTP requests to an internal Web server if the client is not running.

This option cannot be enabled without having specified a URL.

The default setting is enabled, with the value http://localhost.

See Redirecting HTTP requests to a Web page.

HTTP redirect URL

You can specify a URL of up to 255 characters when you redirect clients to a remediation Web site.

The default setting for the redirect URL is http://localhost.

See Redirecting HTTP requests to a Web page.

HTTP redirect port

You can specify a port number other than 80 when you redirect clients to a remediation Web site.

The default setting for the Web server is port 80.

See Redirecting HTTP requests to a Web page.
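
A review script for the settings in the table above, added here as an example and not Symantec code: it checks values against the documented ranges and limits and flags the options that grant a normal network configuration without enforcement. The dictionary key names and the sample configuration are assumptions; the page describes a console tab, not an export format.

```python
# Added example: key names are hypothetical; the page documents a console tab, not a file format.
RANGES = {  # option -> (min, max, documented default)
    "max_packets_per_session": (2, 100, 10),
    "seconds_between_packets": (3, 10, 3),
    "rejected_block_seconds": (10, 300, 30),
    "authenticated_allow_seconds": (10, 300, 30),
}
# Options that hand out a normal network configuration without enforcement.
FAIL_OPEN = {
    "allow_all_clients_log_only": "all clients get a normal configuration whether checks pass or fail",
    "allow_non_windows_clients": "non-Windows clients get a normal configuration without authentication",
}
DEFAULT_REDIRECT_URL = "http://localhost"

def audit(settings):
    """Return a sorted list of (severity, option, message) findings."""
    findings = []
    for key, (low, high, default) in RANGES.items():
        value = settings.get(key, default)
        if not isinstance(value, int) or not low <= value <= high:
            findings.append(("error", key, f"{value!r} outside documented range {low}-{high}"))
    for key, why in FAIL_OPEN.items():
        if settings.get(key, False):
            findings.append(("warn", key, why))
    if not settings.get("check_policy_serial_number", False):
        findings.append(("warn", "check_policy_serial_number",
                         "outdated policy still gets a normal configuration if Host Integrity passes"))
    url = settings.get("http_redirect_url", DEFAULT_REDIRECT_URL)
    if settings.get("http_redirect_enabled", True):
        if not url:
            findings.append(("error", "http_redirect_url", "redirect enabled without a URL"))
        elif url == DEFAULT_REDIRECT_URL:
            findings.append(("info", "http_redirect_url", "still the documented default"))
    if len(url) > 255:
        findings.append(("error", "http_redirect_url", "longer than 255 characters"))
    port = settings.get("http_redirect_port", 80)
    if not isinstance(port, int) or not 1 <= port <= 65535:
        findings.append(("error", "http_redirect_port", f"{port!r} is not a valid TCP port"))
    if len(settings.get("popup_message", "")) > 128:
        findings.append(("error", "popup_message", "longer than 128 characters"))
    return sorted(findings)

# Constructed sample: a log-only rollout configuration with one out-of-range value.
SAMPLE = {"max_packets_per_session": 1, "seconds_between_packets": 5,
          "allow_all_clients_log_only": True, "check_policy_serial_number": True,
          "http_redirect_url": "http://remediation.example.internal/"}
if __name__ == "__main__":
    for severity, option, message in audit(SAMPLE):
        print(f"{severity:5} {option}: {message}")
```

An empty dictionary audits the documented defaults, which is a quick way to see what a fresh appliance leaves unenforced.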


Legacy ID



v12329960_v81664632

