Symantec NAC Question
Updated: 26 Sep 2011 | 3 comments
This issue has been solved. See solution.
Hi All,
I am looking at using SNAC for remote access and internal LAN posture checking. I have a couple of questions with respect to the functionality of SNAC.
1. How will I posture check Remote access clients that are using Microsoft DirectAccess? I am assuming it will be just like a VPN solution and I would need a gateway enforcer appliance inline with the DirectAccess entry point. Please confirm or deny.
2. Does the NAC agent support Bilingual (French\English) prompts. For example, If a client recieves a prompt that it has failed the posture check and needs to be remediated, can Symantec NAC present that in English and French?
Thanks
Discussion Filed Under:
Comments
Direct Access is just a split
Direct Access is just a split tunnel VPN by default. You could use an enforcer inline or host based quarantine. The other option would be to look at leveraging MS NAP with SNAC.
Just to expand on the comment
Just to expand on the comment "or host based quarantine". If I were to implement this for DirectAccess clients, it would mean that only DirectAccess clients with the SNAC agent installed on it would be posture checked. If a DirectAccess client connected without the SNAC agent they would be given a free pass. Let me know if this is correct. Integrating SNAC with MSNAP is also one of the options I am looking into.
Thanks
You are correct about the
You are correct about the host based quarantine. If a system doesn't have the agents installed it wont be checked. MSNAP integration with SNAC for Direct Access should work well and you might be able to leverage existing infrastructure.
Would you like to reply?
Login or Register to post your comment.