SecurityExpressions Server User Guide

A read-only line that reminds you to configure ACS so that NAD redirects users who try to connect to the network from quarantined systems to the URL listed.

Redirection Web Page Behavior

Select the information and resources the redirection Web page should provide to users on quarantined systems if URL redirection is configured in ACS. The options are:

Display a message that the user must contact an administrator for access and leave in quarantine. To customize this message, modify NAC/NotHealthy.aspx.

Display the results of the failed audit and a message stating that an administrator has been notified, then grant access to the network and remove from quarantine.

Managed Systems - NAC removes the system from quarantine by sending a token of Healthy to ACS. To customize the message for managed systems, modify NAC/PermitAccess.aspx.

Unmanaged Systems - The Web page displays instructions on how to perform a self audit. When users click Next, NAC removes the system from quarantine by sending a token of Healthy to ACS. To customize the message for unmanaged systems, modify NAC/UnmanagedSelfAudit.aspx.

Provide help with remediation. Display the following URL containing instructions for self-remediation. Allow the user to perform self-service audits to verify. Type a URL where users can get remediation instructions. After they remediate, the redirection Web page describes how to perform a self audit. To customize this message, modify NAC/SelfRemediate.aspx.

Audit on Connect Tracing

Audit on Connect audit events are complex and involve many variables. If you suspect Audit on Connect is not operating as expected, troubleshooting the problem on your own would be difficult. The AOC Tracing page tracks any Audit on Connect activity that occurs during a set time period, recording the details of the activity caused by the audit event and listing the Audit on Connect settings configured for that event. This lets you troubleshoot possible problems in Audit on Connect activity or configuration.

AOC tracing shows:

when a computer listed in a scope connects to the network

which device type, policies, scope, notifications, exceptions, and connection-monitor type were involved in the audit event

if a slow link was detected

trace-route information, if enabled

Cisco Network Admission Control (NAC) activity, if any

if a cached policy file is used

Tip: AOC tracing is designed to be turned on and off, running for set lengths of time. It does not record constantly or permanently log tracing data. If you suspect problems, determine when the suspect activity will occur. Then turn tracing on and set it to run for the length of time you expect the activity to take.
