How a Gateway Enforcer appliance works

Article:TECH91221  |  Created: 2008-01-03  |  Updated: 2008-01-03  |  Article URL http://www.symantec.com/docs/TECH91221
Article Type
Technical Solution

Issue



How a Gateway Enforcer appliance works


Solution



Gateway Enforcer appliances perform one-way checking. They check the clients that try to connect through the Gateway Enforcer appliance's external NIC to the company's network.

A Gateway Enforcer appliance uses the following process to authenticate a client:
  • When a client tries to access the network, the Gateway Enforcer appliance first checks whether the client runs the Symantec Endpoint Protection client or the Symantec Network Access Control client. If the client runs either of these, the Gateway Enforcer appliance begins the host authentication process.
  • The client that runs on a user's computer performs a Host Integrity check. It then passes the results to the Gateway Enforcer appliance with its identification information and information about the status of its security policy.
  • The Gateway Enforcer appliance verifies with the Symantec Endpoint Protection Manager that the client is a legitimate client and that its security policy is up to date.
  • The Gateway Enforcer appliance verifies that the client has passed the Host Integrity check and therefore complies with the security policies.
  • If all of these checks pass, the Gateway Enforcer appliance allows the client to connect to the network.

If a client does not satisfy the requirements for access, you can set up the Gateway Enforcer appliance to perform the following actions:
  • Monitor and log certain events.
  • Block users if the Host Integrity check failed.
  • Display a pop-up message on the client.
  • Provide the client with limited access to the network to allow the use of network resources for remediation.

To set up the Gateway Enforcer appliance authentication, you can configure which client IP addresses to check. You can specify the trusted external IP addresses that the Gateway Enforcer appliance allows without authentication. For remediation, you can configure the Gateway Enforcer appliance to allow clients access to trusted internal IP addresses. For example, you can allow clients to have access to an update server or a file server that contains antivirus DAT files.

For clients without the Symantec client software, you can redirect client HTTP requests to a Web server. For example, you can provide additional instructions on where to obtain remediation software or allow a client to download client software.

You can also configure the Gateway Enforcer appliance to allow non-Windows clients to access the network. The Gateway Enforcer appliance functions as a bridge instead of a router. As soon as a client is authenticated, the Gateway Enforcer appliance forwards packets to allow the client to have access to the network.
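The following is an added example, not Symantec code: a simplified Python model of the admission flow and the trusted-address settings described above, useful for reasoning about which traffic skips the Host Integrity check. All names, fields, the order of the checks, the handling of non-HTTP traffic from clients without the software, and the sample addresses in any call are assumptions.

```python
# Simplified model of the admission flow described above; not Symantec code.
# Names, fields and the order of checks are assumptions for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Client:
    src_ip: str
    has_agent: bool = False         # runs the SEP or SNAC client software
    known_to_manager: bool = False  # manager confirms a legitimate client
    policy_current: bool = False    # security policy is up to date
    hi_passed: bool = False         # Host Integrity check result

@dataclass
class Config:
    trusted_external: tuple = ()    # sources admitted without authentication
    trusted_internal: tuple = ()    # destinations reachable for remediation
    block_on_failure: bool = True   # False models monitor-and-log only
    allow_non_windows: bool = False

def _in(ip, nets):
    return any(ip_address(ip) in ip_network(n) for n in nets)

def decide(client, dst_ip, cfg, is_http=False, non_windows=False):
    """Return (verdict, reason) for one connection attempt."""
    if _in(client.src_ip, cfg.trusted_external):
        return "forward", "trusted external address, no authentication"
    if non_windows and cfg.allow_non_windows:
        return "forward", "non-Windows client allowed by configuration"
    if client.has_agent:
        failures = [why for why, ok in (
            ("not verified by manager", client.known_to_manager),
            ("policy out of date", client.policy_current),
            ("Host Integrity failed", client.hi_passed)) if not ok]
        if not failures:
            return "forward", "authenticated"
    else:
        failures = ["no client software"]
    reason = ", ".join(failures)
    if _in(dst_ip, cfg.trusted_internal):
        return "forward", "remediation access: " + reason
    if not client.has_agent:
        # Assumption: only HTTP can be redirected; other traffic is dropped.
        return ("redirect" if is_http else "block"), reason
    if cfg.block_on_failure:
        return "block", reason
    return "forward", "logged only: " + reason
```

In this model every source listed in `trusted_external` is forwarded without any Host Integrity result, so that list is the first thing to review when auditing a configuration.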






Legacy ID



2008120314183848

