Communication between the Enforcer appliance and clients

Article: HOWTO81760  |  Created: 2012-10-25  |  Updated: 2012-10-25  |  Article URL: http://www.symantec.com/docs/HOWTO81760
Article Type: How To




The communication between the Enforcer appliance and a client begins when the client tries to connect to the network. The Enforcer appliance can detect whether a client is running. If a client is running, the Enforcer begins the authentication process with the client. The client responds by running a Host Integrity check and by sending the results, along with its profile information, to the Enforcer.

The client also sends its Globally Unique Identifier (GUID), which the Enforcer passes on to the management server for authentication. The Enforcer appliance uses the profile information to verify that the client is up to date with the latest security policies. If not, the Enforcer appliance notifies the client to update its profile.

After the Gateway Enforcer appliance allows the client to connect, it continues to communicate with the client at regular predefined intervals. This communication enables the Enforcer appliance to continue to authenticate the client. For the LAN Enforcer appliance, the 802.1x switch handles this periodic authentication. For example, the 802.1x switch starts a new authentication session when the re-authentication time arrives.
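
A simplified model of the exchange described above, added here as an illustration; it is not Symantec code and does not reflect the product's message format. The class and function names, the integer profile serial, and the "deny" outcome for a failed check are assumptions.

```python
from typing import NamedTuple

class ClientReport(NamedTuple):
    """What the client sends once the Enforcer starts authentication."""
    guid: str            # Globally Unique Identifier
    hi_passed: bool      # Host Integrity check result
    profile_serial: int  # assumption: profile version is a comparable integer

class ManagementServer:
    """Stand-in for the management server (hypothetical interface)."""
    def __init__(self, known_guids, latest_profile_serial):
        self.known_guids = set(known_guids)
        self.latest_profile_serial = latest_profile_serial

    def authenticate(self, guid):
        return guid in self.known_guids

class Enforcer:
    def __init__(self, server):
        self.server = server

    def evaluate(self, report):
        """One authentication round. Returns (decision, notifications)."""
        notifications = []
        # Profile check: an out-of-date client is told to update its profile.
        if report.profile_serial < self.server.latest_profile_serial:
            notifications.append("update_profile")
        # The GUID is passed on to the management server for authentication.
        if not self.server.authenticate(report.guid):
            return "deny", notifications   # assumed outcome, not from the article
        if not report.hi_passed:
            return "deny", notifications   # assumed outcome, not from the article
        return "allow", notifications

def gateway_session(enforcer, reports):
    """Gateway Enforcer model: the client is re-evaluated at every interval.
    `reports` holds one ClientReport per interval; returns each decision."""
    return [enforcer.evaluate(r)[0] for r in reports]

# Constructed sample data: one registered client whose Host Integrity
# check starts failing at the third interval.
SERVER = ManagementServer({"GUID-A"}, latest_profile_serial=7)
ENFORCER = Enforcer(SERVER)
TIMELINE = [ClientReport("GUID-A", True, 7),
            ClientReport("GUID-A", True, 7),
            ClientReport("GUID-A", False, 7)]
print(gateway_session(ENFORCER, TIMELINE))
```

In this model the client is admitted for two intervals and loses access at the third, which is the effect of continuing to authenticate after the initial connection.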

The Enforcer appliance needs to run at all times; otherwise the clients that try to connect to the corporate network may be blocked.

See Creating and testing a Host Integrity policy.


Legacy ID: v9237635_v81664632

