What happens if Enforcer appliances cannot communicate with Symantec Endpoint Protection Manager?

Article:HOWTO81772  |  Created: 2012-10-25  |  Updated: 2012-10-25  |  Article URL http://www.symantec.com/docs/HOWTO81772
Article Type
How To



If you plan to use Enforcers with Symantec Endpoint Protection, we recommend that you have redundant management servers. If the Symantec Endpoint Protection Manager is unavailable, the Enforcer blocks the traffic from the clients.

The Enforcer verifies the GUID from each client by sending a UDP packet on port 1812, using the RADIUS protocol, to the Symantec Endpoint Protection Manager. If a firewall blocks this port or if a Symantec Endpoint Protection Manager is unavailable, the clients are blocked, which is why redundant management servers are preferable.

An option on the Enforcer allows client access to the network when the Symantec Endpoint Protection Manager is unavailable. If this option is enabled and the Symantec Endpoint Protection Manager is unavailable, the GUID check and the profile checks are not performed. Only the Host Integrity check can be performed on the client when the Symantec Endpoint Protection Manager is unavailable.

You can use the advanced local-auth command to enable or disable the Enforcer's authentication of a client.
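The following is an added example, not code from the Symantec article or product. To check whether the RADIUS exchange on UDP port 1812 described above is completing, it pairs requests with replies in captured datagrams and lists the requests that were never answered. It assumes the Enforcer's packets are RADIUS Access-Requests (code 1, RFC 2865), a 5-second reply window, and datagrams already extracted from a capture; the addresses and packets are constructed.

```python
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11  # RFC 2865
REPLIES = {ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE}

def parse_header(payload):
    """Return (code, identifier) of a RADIUS datagram, or None if malformed."""
    if len(payload) < 20:                      # header is 20 bytes minimum
        return None
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if length < 20 or length > len(payload):   # Length field must fit the datagram
        return None
    return code, ident

def unanswered_requests(datagrams, timeout=5.0):
    """Time-ordered (time, src, dst, payload) -> requests with no reply in `timeout` s."""
    pending, lost = {}, []
    for ts, src, dst, payload in datagrams:
        header = parse_header(payload)
        if header is None:
            continue
        code, ident = header
        if code == ACCESS_REQUEST:
            key = (src, dst, ident)
            first = pending.get(key)
            if first is not None and ts - first > timeout:
                lost.append((first, src, dst, ident))  # identifier reused after a loss
                first = None
            if first is None:                  # retransmissions keep the first timestamp
                pending[key] = ts
        elif code in REPLIES:
            key = (dst, src, ident)            # a reply travels in the opposite direction
            if key in pending and ts - pending[key] <= timeout:
                del pending[key]
    lost.extend((ts, s, d, i) for (s, d, i), ts in pending.items())
    return sorted(lost)

def _pkt(code, ident):  # constructed datagram: bare header, zeroed authenticator
    return struct.pack("!BBH", code, ident, 20) + bytes(16)

ENFORCER, SEPM = "192.0.2.10", "192.0.2.20"    # constructed documentation addresses
SAMPLE = [                                      # constructed capture on UDP 1812
    (0.0, ENFORCER, SEPM, _pkt(ACCESS_REQUEST, 1)),
    (0.1, SEPM, ENFORCER, _pkt(ACCESS_ACCEPT, 1)),
    (10.0, ENFORCER, SEPM, _pkt(ACCESS_REQUEST, 2)),   # never answered
    (13.0, ENFORCER, SEPM, _pkt(ACCESS_REQUEST, 2)),   # retransmission
    (20.0, ENFORCER, SEPM, _pkt(ACCESS_REQUEST, 3)),
    (20.2, SEPM, ENFORCER, _pkt(ACCESS_REJECT, 3)),
]
```

Calling unanswered_requests(SAMPLE) reports only the request with identifier 2. A steady run of unanswered requests from an Enforcer points to a blocked port or an unavailable management server.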


Legacy ID



v9239178_v81664632



