Video Screencast Help

Network Access control

Created: 25 Mar 2012 • Updated: 25 Mar 2012 | 15 comments

Hi,

iam having two queries that we already installed Symantec network access control and the clients are showing the network access control option. but in manager the host integrity policy tab is not showing. and also we need to do that if antivirus definitions are out of date up to 3 days the system should not allow the user to connect in network how to do?

Comments 15 CommentsJump to latest comment

cus000's picture

do you have NAC license installed?

 

how do you setup your NAC? with radius server + enforcer?

Srikanth_Subra's picture

Ya iam having NAC license installed..

my NAC no enforcer..just passing antivirus requirements thats it.

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

SameerU's picture

Hi Srikant

Please Run liveupdate so the Host Integrity template would be visible

For your query regarding clients should not connect if not updated for three days please refer the following document.

 

Regards

AttachmentSize
Symantec Network Access Control.pdf 1.7 MB
Srikanth_Subra's picture

Sameer,

As per ur document where to add the quarantine policy for default?

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

Mithun Sanghavi's picture

Hello,

I would suggest you to have a look at this Download - 

How to Install Symantec Network Access Control

https://www-secure.symantec.com/connect/downloads/how-install-symantec-network-access-control

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Srikanth_Subra's picture

I already referred the above article..iam having one doubt that while adding the requirements need to add in firewall or SNAC?

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

SameerU's picture

Hi Srikanth

 

Select the group you want Click Add Policy in Quarantine Policy When Host Integrity fails

Please let me know the status and mark as a solution if it works

Regards

Sameer

Srikanth_Subra's picture

Thanks i got it..once completed i will let u know..and also its not require to select the signature date? it is ok to select the definitions out of date with 2 days like that.

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

SameerU's picture

Yes you can select defination date as out of date for 2 days or more

Regards

Sameer

Srikanth_Subra's picture

Hi,

one more doubt in adding antivirus requirement what is the command needs to add for starting the service in client if it stops?

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

Srikanth_Subra's picture

And also in add host in quarantine what we need to add? which IP address ot how we know which client HI is failed.

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

SameerU's picture

You can check in Host Integrity logs and for starting you can type command SMC -start

Regards

Sameer

Srikanth_Subra's picture

So i need to enter the IP for each and every PC which is having 3 days old definitions?

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

Srikanth_Subra's picture

It is ok to add IP range instaed of single IP address, for example, if i give one IP range the systems within the range with definitions out of date for 3 days it will automatically took the action? disconnect from network?

where we are ensuring that firewall should block connecting to network?

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

Srikanth_Subra's picture

Sameer,

Waiting for update..

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)