How to configure UID-override on the Symantec Network Access Control Enforcer

Article Id: 180286
Status: Published
Updated On: 05-05-2015 12:03
Legacy Id: HOWTO42271
Products:
Network Access Control
Issue/Introduction:

 

Resolution:

 

This article describes how you can change the default UID enforcement performed between the Symantec Network Access Control client and the Enforcer server.  Administrators will also be able to  modify client's HI status according to the UID status.

Run command "uid-override" under command group "configure advanced."  The available UID statuses are
     o UID Correct -- SNAC/SEP is running and connecting to same Symantec Endpoint Protection Manager as Enforcer.
     o UID Invalid -- SNAC/SEP is running but belongs to a different SEPM.
     o UID Unregistered -- SNAC/SEP is running but never talked to a SEPM server. (This requires MR5 SNAC or MR3/MR4 SEP).
     o UID Unknown -- SNAC/SEP is not running or dot1x is disabled.
 

Based on these UID status, Enforcer can modify client's HI result as one of followings:
     o Keep Current -- Enforcer will keep whatever client sends.
     o Force Passed -- Enforcer will change HI result to PASSED for the client.
     o Force Failed -- Enforcer will change HI result to FAILED for the client.
     o Force N/A -- Enforcer will change HI result to UNAVAILABLE for the client
 

The default UID override setting in RU5 is (same as MR4 Enforcer):
     o When UID is Correct, Enforcer will keep current HI
     o For other UID status, Enforcer will set HI to N/A
 

Note: Client's Profile status won't be affected by this command.

 

 

insert_drive_file Possible scenarios when UID validation could fail.doc
arrow_downward Download
insert_drive_file Possible scenarios when UID validation could fail.doc
arrow_downward Download