Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

Symantec DHCP Enforcer

Created: 06 May 2012 | 3 comments

Hi,

I want to achieve the following using Symantec NAC and Symantec Endpoint Protection Manager:

- Isolate guest computers (which are not member of Active Directory domain) to a guest subnet by assigning them IP from guest DHCP pool.

My questions are:

1) Does this requires installing SNAC Agent on the guest computer to check whether it is domain member or not?

2) What are the steps required to achieve this?

Thanks.

Comments 3 CommentsJump to latest comment

SMLatCST's picture

any more.  This used be an available option when using the DHCP Encforcer appliance, but that went EOL.

From what I recall, the integrated DHCP enforcer only allows the assignement of a quarantine subnet mask to non-compliant clients so that they are only able to access pre-defined network resources.

mialee's picture

Thanks for the reply.

I'm trying to achieve the same what you mentioned:

"allows the assignement of a quarantine subnet mask to non-compliant clients so that they are only able to access pre-defined network resources."

But for me, the criteria to differentiate between compliant and non-compliant is Active Directory domain membership.

Is it possible to declare a PC compliant or non-compliant (using SNAC) based on its membership of Windows Domain?

If yes, then I believe it should be possible to assign such PCs a quarantine subnet using DHCP Enforcer plugin.

Did anyone try to achieve this with SNAC before?