When a client connects to network, the LAN enforcer would give 30 seconds grace period for client to communicate with SEPM. During this time, client would pull new policy if it is different. If client failed to do so, it would follow the rules set by policy "check requirement" from the LAN Enforcer.
Profile check "Passed": Client has the latest profile.
Profile check "Failed": Can either ignore result (it may also fail HI check) or switch to V-LAN to run remediation process (update new policy serial number from SEPM).
Profile check "Unavailable": Profile check result was not available.
Policy check can either ignore result or switch to V-LAN to run remediation process (allowing client option to update new policy serial number from SEPM).
This result for the profile might occur under the following conditions:
- If the client has an invalid identifier so that the Enforcer can obtain no profile information from the Protection Manager. This result can occur if the Protection Manager that deployed the client profile is no longer available.
- When the client is first exported and installed, before it connects to the Protection Manager and receives its profile.