Network Access Control

 View Only

  • 1.  Gateway and LAN enforcer

    Posted Feb 05, 2013 03:07 AM

    We have 1 LAN and Gateway enforcer which is upgraded to 12.1 RU2.

    I would like to know how will I connect the 2 enforcers to my SEPM and see them in the server lists?

     



  • 2.  RE: Gateway and LAN enforcer

    Posted Feb 05, 2013 07:42 AM

    In order to see the enforcers in the server list, ou must first connect them to your SEPM.  The below article should help:

    http://www.symantec.com/docs/HOWTO81652



  • 3.  RE: Gateway and LAN enforcer

    Posted Feb 05, 2013 05:46 PM

    Hi,

    The SEPM server can ping the enforcers and I can ping the SEPM server.

    We had also configured on the enforcer the ip of the sepm, port and key

    Base from the forums, the pre shared key of the enforcer and SEPM should be the same. this should be properly configured, the enforcers will automatically show on the admin>server lists without configuring from the server.. Is this correct?

    My problem is, it might be the pre shared key but I don't exactly remember when that key was asked during the SEPM installation.

    Since I'm using 12.1 RU2, is there a way to verify the pre shared key and to correct this?

    Do I have to change the key in the enforcers?

    Do I have to re-install the SEPM?

     

    Thanks

     



  • 4.  RE: Gateway and LAN enforcer

    Posted Feb 06, 2013 03:47 AM

    Can you take a look at the below articles?  Is this the problem you're esxperiencing?

    http://www.symantec.com/docs/TECH132455
    http://www.symantec.com/docs/TECH152606
    http://www.symantec.com/docs/TECH162054

    As it states, you no longer have to know the encryption password set during the SEPM's installation, but use the hashed KCS from the Sylink.xml file to establish Enforcer to SEPM comms.



  • 5.  RE: Gateway and LAN enforcer

    Posted Feb 06, 2013 09:34 PM

    Does my enforcer login password should be the same with my SEPM password?

    Or the smae with the encryption / hash hey?

     

     



  • 6.  RE: Gateway and LAN enforcer

    Posted Feb 06, 2013 09:41 PM

    Also, if I manage to remember the encryption password; the format would still be:

     

    spm ip ________ group ________ http 8014 key ________

    so for my understanding,

    after the key part, I can use either the encryption or the hash key (kcs). Did i get it correctly? 



  • 7.  RE: Gateway and LAN enforcer
    Best Answer

    Posted Feb 08, 2013 10:07 AM

    As far as I can tell, the command will be:

    spm ip X.X.X.X group groupname http port keyhash kcsfromSylink

    The below article shows the default login credentials for a SNAC appliance, if youve changed these and lost the password then you'll need to do a factory reset.

    http://www.symantec.com/docs/HOWTO81740

    The below article suggests the complexity requirements for the new password.

    http://www.symantec.com/docs/HOWTO81716