Symantec 360R Administration Guide - Page 104
How antivirus policy enforcement (AVpe) works
UPC - 037648240185
View all Symantec 360R manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 104 highlights
104 Advanced network traffic control How antivirus policy enforcement (AVpe) works How antivirus policy enforcement (AVpe) works AVpe monitors the AV configuration of supported Symantec connected policy masters and client workstations attempting to gain access to your corporate network. See the Symantec Gateway Security 300 Series Release Notes for the version of the product you are using to determine the supported AV products and how their configuration and usage differs from the following information. AVpe works in two different environments: a network with an internal Symantec AntiVirus Corporate Edition server that maintains antivirus information or a network of clients that are unmanaged. If your network has an internal Symantec AntiVirus Corporate Edition server, when you configure AVpe, you designate a primary and (optionally) a secondary antivirus server that is accessible to your network through LAN or WAN connections. If your network has clients that are unmanaged, you designate one client as master, and all other clients verify their versions against the master. The first time an internal client requests a DHCP connection, attempts an external connection, or any time a client initiates a VPN tunnel (originating from your LAN or remotely through the Internet), the appliance retrieves the client's antivirus policy configuration and compares it against the current antivirus policy requirements. If the client is not in compliance, the traffic is warned or blocked (as indicated when you configure AVpe) and a message is logged. You can configure the appliance to monitor client or server configurations at specified intervals (the default setting is every 10 minutes). Once a client is connected, the appliance rechecks the client's antivirus compliance at userdefined intervals. After the specified interval (the default interval is eight hours), clients are re-queried to check for compliance. If the AV policy master shows updates were made, the clients are allowed an eight-hour grace period (the default LiveUpdate interval on unmanaged clients) where they will still be compliant if they have the last AV policy master definition version. After this period, the clients will be considered non-compliant with the AV policy. Table 7-1 describes client compliance and the subsequent actions taken. Table 7-1 Client compliance actions If the client is Compliant with current antivirus policies Antivirus protection is outof-date Then Client is granted access to the firewall. The connection is allowed to pass, but the appliance logs a warning or completely blocks access, depending on the option you select.