Network Access Control

 View Only

  • 1.  Replication of NAC Setting

    Posted Jan 13, 2011 12:48 AM

    Hi,

    would like to know is NAC group & setting will replicate each other between two SEPM server?

    As, currently i did edit on NAC group, the setting is not replicate to another replication partner.

     

    Regards,



  • 2.  RE: Replication of NAC Setting

    Posted Jan 17, 2011 03:59 PM

     

    The enforcers aren’t designed to failover between sites. Sites were designed for geographical roaming and not failover. So as enforcers don’t geographically move, this facility was not originally designed to be built in.  We are currently looking into changing this functionality in a future release, though the timeline is yet to be confirmed.

    However, there is a way that you can copy the settings from one site to another.  If you need to copy the profile from a primary to a 2nd site, you can export the enforcer properties as an xml from the group in the primary site and import them into the 2nd site. 

    This is a manual process but as enforcer settings don’t change frequently should work and prevent IP addresses etc being manually entered twice.

     

     

     



  • 3.  RE: Replication of NAC Setting

    Posted Jan 17, 2011 08:26 PM

    Thanks..

    Is it works in 2 Managment Server with 1 Single Database design?

    It is for management server failover.

     

    Regards,



  • 4.  RE: Replication of NAC Setting

    Posted Jan 18, 2011 01:57 PM

    You can utilize Management Server Lists to allow Enforcer communication to same-site SPMs, for redundancy purposes.  

    I recommend creating and using separate Management Server Lists for your clients and Enforcers.

     

    Adding a Management Server List

    http://www.symantec.com/business/support/index?page=content&id=HOWTO27384

     

    Implementation guide for SNAC Enforcement

    http://www.symantec.com/business/support/index?page=content&id=DOC2364