Network Access Control

Hello,

I was wondering really if anyone would be able to help me? I have to do a presentation on Symantec Network Access Control and I was wondering if anyone simply in leymans terms, would mind explaining the elements of Self Enforcement and Gateway Enforcement. It's only a small presentation and I don't want it to be over-wordy which is impossible to do reading from the Symantec website and datasheets!

Any help is much appreciated!

Thanks,

Rob

Hi Rob,

I would suggest reading the SEP 12.1 Implementation Guide pdf

http://www.symantec.com/business/support/index?page=content&id=DOC4321&actp=search&viewlocale=en_US&searchid=1310758726174 

hi noob,

                   Just go to symantec network access control knowledgebase and search for self enforcemnt and DHCP enforcer overview.

Regards,

Milind Y

Self-Enforcement uses firewall policies to block a system's access to your network if it fails a compliance audit.   A SNAC agent must already be pre-installed for this to work - this is ideal for maintaining complaince standards throughout your corporate infrastructure.  

Example:  If a system's AV definitions were out of date, the SNAC host-integrity check would fail, causing the "quaratine" firewall policy to be enforced.   This firewall policy (that you confirgured) would block all outgoing network access...except for connecting to the server which provides AV updates.

Gateway Enforcers protect segments of your network, denying access to anyone without a SNAC agent as well as SNAC agents failing the Host-Integrity check.   Gateway Enforcers are installed at a physical location on your network between the equipement you are protecting and "the rest of the world".

Example:  Gateway Enforcers are usually placed at the VPN gateway to prevent non-compliant systems from gaining access from the outside.  It could also be used internally to protect HR/Payroll databases, corporate networks from lab environments.