I am pretty well versed in SEP as with the previous corporate versions. We aquired SNAC with our latest purchase of the Endpoint Protection Suite, or whatever Symantec is calling the product this week.
I am hoping to setup my VPN clients without having to worry about the garbage on their PCs, so I installed SNAC (If you are using the latest version of SEP you may have to follow these instructions to install the currently-behind SNAC version:
http://service1.symantec.com/support/ent-security.nsf/docid/2009060511434448 )
I started playing with the host integrity policy on a new "VPN_Test" group.
I am hoping to do this without any extra software or appliances... Of course my reseller assured me that wouldn't be the case
- How do I ensure that the VPN client isn't installed without the SNAC/SEP components?
- Perhaps should I try using a packaging app like WinInstall LE to bundle a custom SEP/SNAC package with the VPN client?
- How does the Host Integrity Policy "fail" status actually block the remote VPN client from our corporate network?
I am looking for simple instructions on this, so far in these couple-hundred page PDFs it keeps mentioning the "Enforcer" and "DHCP Enforcer" but no specific method of having SEP/SNAC do the blocking/allowing of the VPN client into the network.. Or perhaps if the HI policy fails it will implement an application blocking policy that blocks the VPN client.
What are people doing in this or very similar remote access scenarios?