Network Access Control

I am testing Symantec NAC solution for gateway enforcer.

When my test pc is not installed nac agent, I can find agent program from redirection web page.

So I can easily installed nac agent.

I need host integration check. If my test pc is installed nac agent and not installed winamp program then

prevent network access to the internet. If I need this function. Is it possible only nac agent?

Or I must have an SEP firewall function???

The SEP Firewall is only really required if you want to perform self-enforcement (i.e. SEP/SNAC client applies a locked down FW policy in the event that the HI checks fail).

If you have a GW Enforcer, then this performs the enforcement, and the SEP FW may not be required.  This assumes that what you are aiming to enforce is "if client has failed HI Checks, then it is not allowed to access resources on the other side of the GW Enforcer".

"I need host integration check. If my test pc is installed nac agent and not installed winamp program then prevent network access to the internet. If I need this function. Is it possible only nac agent?"

You need to create an HI policy (nac agent is installed and Winamp program is not installed) on SEPM and assign it to the respective group. On the next heartbeat the endpoints will receive the HI policy and will check if Nac agent installed and Winamp agent is not installed.

If the HI policy fails...create a Quarantine firewall policy in the same group and disable Internet access.

Hope this Helps :)