Network Access Control

 View Only

  • 1.  How can I fix a problem with authentication of SPA and what is the check point?

    Posted Jan 14, 2010 04:23 AM
    Dear all,

    I have a problem with the authentication between SPA(Sygate Protection Agent) 5.x and Gateway enforcer 11.x.

    The symptoms:
    1. The client PC can not access to network and internet even though SPA installed.
    2. It seems to be blocked by gateway enforcer.
    3. When the client fails to check HI(Host Integrity) or has SPA not installed and try to access to internet by using iexplorer,
        Gateway Enforcer should block the client and redirect the ciient to the custom specific web page.
        However the gateway enforcer blocked the client and didn't redirect client to the customer specific web page.
    4. I can find some logs in sylinkMonitor.
        1) <GetVpneTrafficStatus>Blocked=15; reason=127
        2) <MaintainPushConnection:>ERR to query SMS return code=-1
            <MaintainPushConnection:>LastError=12019
           <MaintainPushConnection:>COMPLETED with iRet=6

    The questions: 
    -  What does the logs in sylinkMonitor say?
        1) <GetVpneTrafficStatus>Blocked=15; reason=127
        2) <MaintainPushConnection:>ERR to query SMS return code=-1
            <MaintainPushConnection:>LastError=12019
            <MaintainPushConnection:>COMPLETED with iRet=6

    How can I fix a problem with authentication failed?
    And What are the check points?

    I need your helps...

    Thank you.


  • 2.  RE: How can I fix a problem with authentication of SPA and what is the check point?

    Posted Jan 14, 2010 09:07 AM
    I am having a very similar problem but with SEP SNAC and  Gateway Enforcer.  Out of curiosity, was everything working OK before and now this issue has suddenly surfaced?  The reason I ask is that we had no problems before, but now suddenly clients with SEP installed are being blocked by the Gateway enforcer.

    Thanks


  • 3.  RE: How can I fix a problem with authentication of SPA and what is the check point?

    Posted Jan 14, 2010 02:42 PM
    What versions of SPA and the SEP 11 enforcer are you using? Do you have other 5.x clients passing authentication?


  • 4.  RE: How can I fix a problem with authentication of SPA and what is the check point?

    Posted Jan 14, 2010 03:44 PM
    If problem just started, then it may be related to the outdated definition issue. See this KB for SNAC workaround.

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010010308571348

    Thomas


  • 5.  RE: How can I fix a problem with authentication of SPA and what is the check point?

    Posted Jan 22, 2010 12:23 AM
    Dear Cycletech,


    SPA and Gateway Enforcer version is.....
    1. SPA ver.
        5.1.7160
    2. Gateway Enforcer ver.
        11.0.4000 build 5119

    Gateway enforcer is in the Gateway Enforcer mode.

    Other SPA 5.x clients are passing through authentication and works very well.

    Could you explain the logs above my discussion?
    I would like to know the mean about the log for my troubleshooting of the issue.


    Thank you~ :-)