Q’s for Symantec
I have some confusion about what this product can do without the purchase of any Symantec appliances. I’ve read tons of guides and “how to’s” on this but…
Overview-
We already have SEP 11.06 as part of SYMC PROTECTION SUITE ENTERPRISE EDITION 3.0 (with full S/A added) running but want to add the SNAC functionality. Clients are a mix of XP Pro and 64-bit Win 7, and we have IAS and RADIUS on WIN2003SRV.
We were planning on buying several Dell Power Connect 5448 switches to handle the 802.1x part.
Goals are
- protect our LAN so that non-domain computers plugged into a jack anywhere on site are shunted to internet only use using a guest VLAN on the switch (non-corp network) by checking for Domain membership/creds via 802.1x in Dell switch
- If it meets 802.1x, then it must pass the host integrity check for AV, service pack or critical MS patches etc. before being granted access to the corp network; otherwise it gets shunted off to the guest VLAN access with a generic notification of “failure to meet requirements” rather than adding the complexity of a remediation server(s)
1- Can SNAC accomplish our goals without any additional appliances?
2- The list of supported switches is quite small. Is there a way to verify if this would work with a specific Dell switch like the Dell Power Connect 5448 or 5548?
3- I have installed and tested the software-based DHCP enforcer in a test domain and it works great, but I’m not sure if the LAN enforcer is an appliance or software. Which is it, as the Symantec Glossary lists it as software but all the guides refer to an appliance?
4- Is the SNAC now included free of cost with our current SEP 11 and 12 which we will be getting?
5- Is there still such a thing called the Policy Manager, how can I tell if I have it installed, and if not, how does one install it?
6- Is there a redundant or failover setup? If the Symantec server is unavailable, what happens to the client host integrity check process, and will clients still have network access?
Thanks for any light you can shine on this