Self-Enforcement uses firewall policies to block a system's access to your network if it fails a compliance audit. A SNAC agent must already be pre-installed for this to work - this is ideal for maintaining complaince standards throughout your corporate infrastructure.
Example: If a system's AV definitions were out of date, the SNAC host-integrity check would fail, causing the "quaratine" firewall policy to be enforced. This firewall policy (that you confirgured) would block all outgoing network access...except for connecting to the server which provides AV updates.
Gateway Enforcers protect segments of your network, denying access to anyone without a SNAC agent as well as SNAC agents failing the Host-Integrity check. Gateway Enforcers are installed at a physical location on your network between the equipement you are protecting and "the rest of the world".
Example: Gateway Enforcers are usually placed at the VPN gateway to prevent non-compliant systems from gaining access from the outside. It could also be used internally to protect HR/Payroll databases, corporate networks from lab environments.