Network Access Control

 View Only

  • 1.  Symantec DHCP Enforcer

    Posted May 07, 2012 12:28 AM

    Hi,

    I want to achieve the following using Symantec NAC and Symantec Endpoint Protection Manager:

    - Isolate guest computers (which are not member of Active Directory domain) to a guest subnet by assigning them IP from guest DHCP pool.

    My questions are:

    1) Does this requires installing SNAC Agent on the guest computer to check whether it is domain member or not?

    2) What are the steps required to achieve this?

     

     

    Thanks.



  • 2.  RE: Symantec DHCP Enforcer

    Posted May 08, 2012 01:04 AM

    Please help!!!



  • 3.  RE: Symantec DHCP Enforcer

    Posted May 09, 2012 07:06 AM

    any more.  This used be an available option when using the DHCP Encforcer appliance, but that went EOL.

    From what I recall, the integrated DHCP enforcer only allows the assignement of a quarantine subnet mask to non-compliant clients so that they are only able to access pre-defined network resources.



  • 4.  RE: Symantec DHCP Enforcer

    Posted May 13, 2012 01:36 AM

    Thanks for the reply.

    I'm trying to achieve the same what you mentioned:

    "allows the assignement of a quarantine subnet mask to non-compliant clients so that they are only able to access pre-defined network resources."

    But for me, the criteria to differentiate between compliant and non-compliant is Active Directory domain membership.

    Is it possible to declare a PC compliant or non-compliant (using SNAC) based on its membership of Windows Domain?

    If yes, then I believe it should be possible to assign such PCs a quarantine subnet using DHCP Enforcer plugin.

     

    Did anyone try to achieve this with SNAC before?