Network Access Control

 View Only
  • 1.  SNAC Questions

    Posted Apr 20, 2010 06:48 PM
    I am reading about SNAC and have a few questions.  I guess there are many ways to deploy.  We didn't buy any hardware so I am guessing the Enforcer is out of the question?  When they talk about a Gateway, is that the Web Security Gateway or another product?  We have a Web Security Gateway from Symantec. 

    So I guess if no hardware what is the best way to do this?

    Anyway, any suggestions will help.

    Kris


  • 2.  RE: SNAC Questions
    Best Answer

    Posted Apr 20, 2010 06:53 PM
    Without Hardware Enforcer..the best way to go about it is by using DHCP Pluggin



    Install and configure the Symantec Network Access Control (NAC) integrated enforcer plug-in for Microsoft DHCP servers

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008101315503848




  • 3.  RE: SNAC Questions

    Posted Apr 20, 2010 07:25 PM
    Vikram, quick question, and I know it is a bad thing but I can't remember our  Encryption Password  we used.  


  • 4.  RE: SNAC Questions

    Posted Apr 21, 2010 11:33 AM

    There is not any way to recover the encryption password. You can do a DR procedure, basically re-installing fresh,and then sylink swap all clients, and have a new encryption password that way. If you had an enforcer we could copy out the encrypt password, and copy it into the new enforcer.

    Basically you need this password for adding enforcers and replication.



  • 5.  RE: SNAC Questions

    Posted Apr 21, 2010 12:45 PM
    duplicate entry deleted


  • 6.  RE: SNAC Questions

    Posted Apr 21, 2010 02:12 PM
    Josh, how do we get that sylink to all clients?  I have about 10,000 clients spread across 24 different sites.


  • 7.  RE: SNAC Questions

    Posted Apr 21, 2010 02:21 PM
    do you have altiris? or sms? or some endpoint sw/patch solution? Its smc -stop, place new sylink.xml, and smc -start. Before you go down this path, which is bascially rebuiding your SEPMs (either from scratch or prefer back up database, and re-install new SEPM, and restore old database), make sure you test out SNAC and are going to deploy SNAC. there are some tools you can get from support as well like sylink swapper but it crawls a subnet basically. and make sure you have public liveupdate in their LU policies so they can get updates.

    I would advise you talk to support as well.

    Best way is enterprise sw management agent that you already use imo.



  • 8.  RE: SNAC Questions

    Posted Apr 22, 2010 12:07 AM
    Yes and No.  We have the Dell Management Console which is a very limited version of the CMS for Altiris.  I can write a script and push out the file that way.  However only half of our clients are reporting in for some reason and haven't been able to get to that project yet.

    We do have SMS as well.  Problem with SMS is the fact that you push a job but well.. maybe it will go out that hour. :)

    Guess with the two I could push out the same script and leave a mark in the reg or a file that the script looks for before running.

    I can also get the rest of the systems by doing a GPO script at logon which I really don't want to do but that will get the remaining that are not reporting to DMC and SMS.

    Thanks,

    Kris