How to configure UID-override on the Symantec Network Access Control Enforcer


Article ID: 180286


Products

Network Access Control

Issue/Introduction

 

Resolution

 

This article describes how to change the default UID enforcement performed between the Symantec Network Access Control client and the Enforcer server. It also lets administrators modify a client's Host Integrity (HI) status according to its UID status.

Run the command "uid-override" under the command group "configure advanced". The available UID statuses are:
     o UID Correct -- SNAC/SEP is running and connects to the same Symantec Endpoint Protection Manager (SEPM) as the Enforcer.
     o UID Invalid -- SNAC/SEP is running but belongs to a different SEPM.
     o UID Unregistered -- SNAC/SEP is running but has never talked to a SEPM server. (This requires MR5 SNAC or MR3/MR4 SEP.)
     o UID Unknown -- SNAC/SEP is not running or dot1x is disabled.
 

Based on the UID status, the Enforcer can modify the client's HI result in one of the following ways:
     o Keep Current -- Enforcer will keep whatever the client sends.
     o Force Passed -- Enforcer will change the HI result to PASSED for the client.
     o Force Failed -- Enforcer will change the HI result to FAILED for the client.
     o Force N/A -- Enforcer will change the HI result to UNAVAILABLE for the client.
 

The default UID override setting in RU5 (the same as in the MR4 Enforcer) is:
     o When the UID is Correct, the Enforcer will keep the current HI.
     o For any other UID status, the Enforcer will set HI to N/A.
 

Note: The client's Profile status is not affected by this command.

 

 

Attachments

Possible scenarios when UID validation could fail.doc