Network Access Control

Hi,

iam having two queries that we already installed Symantec network access control and the clients are showing the network access control option. but in manager the host integrity policy tab is not showing. and also we need to do that if antivirus definitions are out of date up to 3 days the system should not allow the user to connect in network how to do?

do you have NAC license installed?

how do you setup your NAC? with radius server + enforcer?

Ya iam having NAC license installed..

my NAC no enforcer..just passing antivirus requirements thats it.

Hi Srikant

Please Run liveupdate so the Host Integrity template would be visible

For your query regarding clients should not connect if not updated for three days please refer the following document.

Regards

Attachment(s)

Symantec Network Access Control.pdf   1.70 MB 1 version

Hello,

I would suggest you to have a look at this Download - 

How to Install Symantec Network Access Control

https://www-secure.symantec.com/connect/downloads/how-install-symantec-network-access-control

Hope that helps!!

I already referred the above article..iam having one doubt that while adding the requirements need to add in firewall or SNAC?

Sameer,

As per ur document where to add the quarantine policy for default?

Hi Srikanth

Select the group you want Click Add Policy in Quarantine Policy When Host Integrity fails

Please let me know the status and mark as a solution if it works

Regards

Sameer

Thanks i got it..once completed i will let u know..and also its not require to select the signature date? it is ok to select the definitions out of date with 2 days like that.

Yes you can select defination date as out of date for 2 days or more

Regards

Sameer

Hi,

one more doubt in adding antivirus requirement what is the command needs to add for starting the service in client if it stops?

And also in add host in quarantine what we need to add? which IP address ot how we know which client HI is failed.

You can check in Host Integrity logs and for starting you can type command SMC -start

Regards

Sameer

So i need to enter the IP for each and every PC which is having 3 days old definitions?

It is ok to add IP range instaed of single IP address, for example, if i give one IP range the systems within the range with definitions out of date for 3 days it will automatically took the action? disconnect from network?

where we are ensuring that firewall should block connecting to network?

Sameer,

Waiting for update..