This article describes how you can change the default UID enforcement performed between the Symantec Network Access Control client and the Enforcer server. Administrators will also be able to modify client's HI status according to the UID status.
Run command "uid-override" under command group "configure advanced." The available UID statuses are
o UID Correct -- SNAC/SEP is running and connecting to same Symantec Endpoint Protection Manager as Enforcer.
o UID Invalid -- SNAC/SEP is running but belongs to a different SEPM.
o UID Unregistered -- SNAC/SEP is running but never talked to a SEPM server. (This requires MR5 SNAC or MR3/MR4 SEP).
o UID Unknown -- SNAC/SEP is not running or dot1x is disabled.
Based on these UID status, Enforcer can modify client's HI result as one of followings:
o Keep Current -- Enforcer will keep whatever client sends.
o Force Passed -- Enforcer will change HI result to PASSED for the client.
o Force Failed -- Enforcer will change HI result to FAILED for the client.
o Force N/A -- Enforcer will change HI result to UNAVAILABLE for the client
The default UID override setting in RU5 is (same as MR4 Enforcer):
o When UID is Correct, Enforcer will keep current HI
o For other UID status, Enforcer will set HI to N/A
Note: Client's Profile status won't be affected by this command.