ata1915


Symantec NAC and Microsoft NAP

Hi all,

I would like to integrate Microsoft NAP and Symantec Endpoint Protection & NAC (SNAC).
We currently have Endpoint Protection in production.

SNAC: just aiming to check the client's antivirus definition updates; if non-compliant, the system will forward it to a remediation server.

Microsoft NAP: That is exactly what I could not figure out yet: why do I need to use Microsoft NAP with SNAC?

What steps do I have to take to deploy this system to my test environment?
Step 1: Installing a RADIUS server (do I need a test AD, or how can I create user credentials?)
Step 2: What is the role of the Microsoft NAP service in this scenario?
Step 3: SEP (Symantec Endpoint Protection with NAC) installation on a different server
Step 4: Cisco switch 802.1x configuration.
Step 5: What should I have to do on my test client?

Yes, the problem is I didn't integrate and didn't understand the role of each part at the moment. Please lead me to a proper solution and share some useful documents.

Thanks.
ASKER CERTIFIED SOLUTION
Rich Rumble
Gartner dropped several NAC vendors last year: http://50.57.171.168/wp-content/media/2011-Gartner-Magic-Quadrant-NAC.pdf
Endpoint Protection Vendors: Check Point Systems, Sophos and Symantec. Gartner has observed that these vendors are not actively selling NAC as a separate product. Therefore, they did not meet the inclusion criteria for this Magic Quadrant. These vendors will need to gain dominant positions in the market for securing mobile devices for them to compete effectively again in the NAC market.

We had a bad SNAC experience, just trying to save you the trouble. Don't let them tell you that SNAC helps you roll out 802.1x, because if you want to use it, you have to roll that out first, then SNAC comes in. 802.1x operates independently of SNAC. SNAC is able to use 802.1x to move hosts to VLANs if they fail some agent criteria, but not to actually patch them (the Symantec Altiris product has/had no integration). Hosts that aren't yours will fail authentication using 802.1x and be placed in a Guest VLAN (if you wish) by default even if SNAC isn't on your network at all, or even if it is. That's 802.1x's job, not the NAC's. 802.1x is an authentication mechanism, and the policies you set up in 802.1x (your switch config) will dictate the initial VLANs endpoints are placed in. SNAC may change those VLANs after 802.1x has done its default actions and the endpoint attempts DHCP; if it doesn't attempt DHCP, SNAC doesn't know it's there.
-rich
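
The switch-side 802.1x policy described in the comment above, sketched as a Cisco IOS access-port configuration. This is an added example, not part of the original post; the VLAN IDs, interface name, RADIUS server address and shared secret are constructed placeholders.

```cisco
! Constructed example: addresses, VLAN IDs and the key are placeholders.
aaa new-model
aaa authentication dot1x default group radius
! Allows the RADIUS server to return a VLAN assignment for the port
aaa authorization network default group radius
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
! Enable 802.1x globally on the switch
dot1x system-auth-control
!
interface GigabitEthernet0/1
 description Access port for the 802.1x test client
 switchport mode access
 ! VLAN used when authentication succeeds and RADIUS returns no VLAN
 switchport access vlan 10
 authentication port-control auto
 dot1x pae authenticator
 ! Guest VLAN: the endpoint never answers EAPOL (no supplicant)
 authentication event no-response action authorize vlan 99
 ! Restricted VLAN: a supplicant answered but authentication failed
 authentication event fail action authorize vlan 98
 spanning-tree portfast
```

None of this depends on a NAC agent being present; `show authentication sessions interface GigabitEthernet0/1` shows which VLAN the port was authorized into.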
btan

Typically it can be doing a NAC that does the host integrity checks simply retiring those criteria as richrumble shared. The 802.1x will determine the machine integrity, not user-specific, unless you are doing a RADIUS check. But largely depending on the certificate issued for the endpoint. Simply see it as: do the 802.1x checks, then the host integrity check, for which I recall Symantec has something called Enforcer to work with SEPM. The Microsoft NAP is just the RADIUS, and probably your CA server is also MS.
ata1915

ASKER

Thank you, this information helped me so much.