Video Screencast Help

Symantec DHCP Enforcer

Created: 06 May 2012 | 3 comments

Hi,

I want to achieve the following using Symantec NAC and Symantec Endpoint Protection Manager:

- Isolate guest computers (which are not member of Active Directory domain) to a guest subnet by assigning them IP from guest DHCP pool.

My questions are:

1) Does this requires installing SNAC Agent on the guest computer to check whether it is domain member or not?

2) What are the steps required to achieve this?

 

 

Thanks.

Comments 3 CommentsJump to latest comment

SMLatCST's picture

any more.  This used be an available option when using the DHCP Encforcer appliance, but that went EOL.

From what I recall, the integrated DHCP enforcer only allows the assignement of a quarantine subnet mask to non-compliant clients so that they are only able to access pre-defined network resources.

mialee's picture

Thanks for the reply.

I'm trying to achieve the same what you mentioned:

"allows the assignement of a quarantine subnet mask to non-compliant clients so that they are only able to access pre-defined network resources."

But for me, the criteria to differentiate between compliant and non-compliant is Active Directory domain membership.

Is it possible to declare a PC compliant or non-compliant (using SNAC) based on its membership of Windows Domain?

If yes, then I believe it should be possible to assign such PCs a quarantine subnet using DHCP Enforcer plugin.

 

Did anyone try to achieve this with SNAC before?