Network Access Control

  • 1.  SNAC Implementation doubts

    Broadcom Employee
    Posted May 15, 2012 06:02 AM

    Hello Everyone,

    Is it possible to block the clients connecting to the network if the client definitions were out of date for 3 days?

    If it's possible, I need guidance to implement the same.



  • 2.  RE: SNAC Implementation doubts

    Posted May 15, 2012 06:24 AM

    Part 1 is the creation of an HI policy to check for the AV requirement, as below:

    http://www.symantec.com/docs/HOWTO55511

    The second part is the actual control side of things, and is dependent upon the results of Part 1. This control part is where you would typically use self-enforcement to block access to network resources, or use one of the enforcers (DHCP/LAN/Gateway) to control network access.



  • 3.  RE: SNAC Implementation doubts
    Best Answer

    Posted Jun 06, 2012 05:06 AM

    Hi;

    As SMLatCST mentioned, you must create an HI policy to detect whether the AV virus definitions are older than 3 days.

    Then, if you use self-enforcement, you must use a quarantine firewall policy to block network access.

    If you use the LAN Enforcer or DHCP Enforcer, you must define the rule: if Host Integrity fails, close the port or assign a VLAN for the LAN Enforcer, and for the DHCP Enforcer, while HI fails the client stays in the quarantine IP range. You can still block with the quarantine firewall policy as well.

    Regards. 



  • 4.  RE: SNAC Implementation doubts

    Broadcom Employee
    Posted Jun 06, 2012 06:44 AM

    Thanks to both of you.



  • 5.  RE: SNAC Implementation doubts

    Posted Jun 26, 2012 07:53 AM

    I am looking for this requirement only.. thanks