Network Access Control

 View Only

  • 1.  System is getting quarantined even though host intigrity check pass

    Posted Aug 12, 2009 04:26 AM
    Hi,

    I am facing a strange problem. i have installed DHCP enforcer and created some policies in SEP (host intigrity). Some of the clients are getting quarantined IP address range (subnet mask) even though the clients are having all the policies up to date. In the SEP client window under Network Access Control option it is showing Allowed but the subnet mask is still of qurantine range (255.255.255.255). Surprisingly when I am checking in DHCP plugin under client log, it is not showing me the log for the same system.

    Is there anyone who has faced this similar kind of issue or known issue?


    Regards,


  • 2.  RE: System is getting quarantined even though host intigrity check pass

    Posted Aug 12, 2009 11:30 AM
    A possible cause:
    The Dynamic Host configuration Protocol (DHCP) lease on the quarantine DHCP server is too long

    Solution   
    If authentication is not successful, for example, if an Agent is not running, the client starts the DHCP renewal process as usual after half of the lease time has elapsed. Therefore, a short lease time to the quarantine configuration should be assigned.  Symantec recommends 2 minutes.

    See KB - http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007378141105298



  • 3.  RE: System is getting quarantined even though host intigrity check pass

    Posted Aug 13, 2009 12:20 AM
    Hi,

    Thanks for the reply. I have the same setting on DHCP server (i.e. 2min.) which is discribed by you. But still not able to solve the problem.

    Regards,


  • 4.  RE: System is getting quarantined even though host intigrity check pass

    Posted Aug 20, 2009 06:34 AM

    Hi,

    I had logged the case in symantec Technical Support for this issue. I have recieved the mail from Symantec stating that there is a issue with the MR4SP2 version (for DHCP enforcer NAC). And advised me to wait for MR5MP1 release.

    Symantec Technical Support also told me that they have same cases like this with them and developement team is working on the same.


    This is just for information, so if any one is facing this same issue has to wait for MR5MP1 release.


    Regards,


  • 5.  RE: System is getting quarantined even though host intigrity check pass

    Posted Apr 15, 2010 08:40 AM

    Hi,

    I am facing a strange problem. i have installed SEP 11 and created some policies in SEPM (host intigrity through NAC). Some of the clients are getting quarantined even though the clients are having all the policies up to date. In the SEP client window under Network Access Control option it is showing Allowed but still client gets quarantined. 


    Iin SEP 11.0 when we install SEP client on m/c with NAC componant what is the diffrence between Network Access Control Allowed & 
     Network Access Control Approved.



  • 6.  RE: System is getting quarantined even though host intigrity check pass

    Posted Apr 21, 2010 10:19 AM
    What do the the client log(s) show? This is SNAC and Self Enforcement only right? If this is Enforcement with An Enforcer, which type?