Network Access Control

  • 1.  NAC (Network Access Control) When authenticate Clients Ip address Range for Clients, many clients computers that working with Health state On line are blocking the traffic.

    Posted May 10, 2013 09:33 AM

    Dear all,

    I use Windows Server 2008 Standard R2 with Symantec Endpoint Protection 12.1 installed in my environment; my client computers have Symantec 12.1.100 with Windows XP and 7.

    Yesterday I applied the NAC solution in my network environment. After applying it, many client computers, almost sixty per cent of my computer park, are blocking the traffic.


    The computers that are blocking show in the Symantec Endpoint Protection Manager with the Health State Online, but I don't know why the computers are blocking the traffic with Health State Online.

    I need to know if there is some procedure that synchronizes the NAC policy with the clients that are working well.

    Why has the NAC blocked clients whose health is good?

    If someone can help, I'd appreciate it.



  • 2.  RE: NAC (Network Access Control) When authenticate Clients Ip address Range for Clients, many clients computers that working with Health state On line are blocking the traffic.

    Posted May 10, 2013 11:43 AM

    To clarify, the Health State indicated in the SEPM Clients view only shows whether or not the client is in contact with and being managed by the SEPM.  This is not an indicator of your SEP Clients' compliance with the SNAC HI policy.

    You can see the compliance of your clients via the SEPM under MONITORS -> Logs and using the below options:

     

    Log Type = Compliance
    Log Content = Client Host Integrity

    And whatever time frame you need.

    This will return the logs for the HI events.  It's also worth bearing in mind that SNAC cannot natively block anything.  The action to block is something that must be configured (either using the Quarantine Policy option in the SEPM or through the use of the SNAC Enforcers).  What do you have configured?



  • 3.  RE: NAC (Network Access Control) When authenticate Clients Ip address Range for Clients, many clients computers that working with Health state On line are blocking the traffic.

    Posted May 10, 2013 01:08 PM

    Dear SMLatSXT,

    In my SEPM this Monitor Log File type does not exist; I have only the Monitor Log File types below:

    Log Type: Compliance

    Log Content:

      • Enforce Client
      • Enforce Server
      • Enforce Traffic
      • Host Compliance

    My NAC is configured to block the internet traffic when the client computers don't have the SEP client installed. Example: if some guest computer connects to my network and tries to surf the internet, it is requested to install Symantec.

     



  • 4.  RE: NAC (Network Access Control) When authenticate Clients Ip address Range for Clients, many clients computers that working with Health state On line are blocking the traffic.

    Posted May 13, 2013 03:29 AM

    If you're looking to block clients without SEP installed, then it would require an enforcer.  What are you using to perform the blocking?

    Also, if machines with SEP installed are still failing the HI check, then you want to look at the "Host Compliance" logs to see what requirement failed.



  • 5.  RE: NAC (Network Access Control) When authenticate Clients Ip address Range for Clients, many clients computers that working with Health state On line are blocking the traffic.

    Posted Jun 04, 2013 06:53 PM

    Hi Men.

    Do you have SNAC configured to validate as Self-enforce (with the firewall), or do you have some Enforcer in the network?

    It would be helpful if you could upload an image or say what policies you validate and what the action is when the authentication fails. This is because I have seen some cases where the client shows the authentication failing without a logical reason.

    Regards.