Manuals / Symantec / Computer Equipment / Server

Symantec Security Expressions Server manual Healthy, Quarantined/Unknown, Reaudit if quarantined

Models: Security Expressions Server

1 97
Download 97 pages 26.04 Kb
Page 59
Image 59

Audit-On-Connect

A managed system is a system on the network that the server software can connect to and audit using the appropriate credentials. It is a target system or potential target system.

Initial Token

Sends the posture token you select to ACS if a system receives a posture result of Fail.

Both Managed and Unmanaged

Network Access Device (NAD) Polling

Select how often ACS should poll the server software for the latest status of target systems. If it finds any updated policies:

the server audits managed target systems with a valid Healthy token unless the policy cache settings indicate otherwise.

NAC places Healthy unmanaged systems into quarantine as soon as their Cache Validity Duration expires.

Healthy

Select how often ACS should poll the server software for the latest status of target systems when the managed target systems have a valid Healthy token. In addition to selecting specific time intervals, you can opt to poll healthy systems as often as the smallest time interval entered in the Cache Pass For option, found in the Policies table, for all policies in the scope used.

Quarantined/Unknown

Select how often ACS should poll the server software for the latest status of target systems when the managed target systems have a valid Quarantined or Unknown token.

Make sure you set the Cache Fail For option, found in the Policies table, for a length of time longer than the time you select here. If you do not set these times strategically,

systems might not be able to get out of quarantine.

Reaudit if quarantined

Check this box if you want to reaudit systems with a valid Quarantined or Unknown token. Quarantined and unknown systems will get audited at the frequency you selected in the Quarantined/Unknown drop-down list until they receive a Healthy

token.

As you're selecting the settings on this page, keep in mind NAC's Audit in Progress Poll Hint Timeout. The poll-timeout hint is a length of time the server software passes to ACS that

indicates the next time it would be appropriate to request another token. NAC uses this value to reduce the number of communication round trips between the servers. The settings affect the poll-timeout hint in the following ways:

If a system has a Healthy token, the poll-timeout hint returned is the length of time selected from the Healthy drop-down list.

If a system has a Quarantined or Unknown token, the timeout hint returned is the length of time selected from the Quarantined/Unknown drop-down list.

If a system does not have a valid Healthy, Quarantined or Unknown token when sent to the auditing queue, the server software returns a timeout hint that takes into account the number of hosts currently waiting to be audited and the average time to complete an audit.

Redirection Web Page

51

Page 58 Page 60
Page 59
Image 59
Symantec Security Expressions Server manual Healthy, Quarantined/Unknown, Reaudit if quarantined, Redirection Web
Page 58 Page 60