Symantec Security Expressions Server Server User Manual


 
Audit-On-Connect
A managed system is a system on the network that the server software can connect to and audit
using the appropriate credentials. It is a target system or potential target system.
Initial Token
Sends the posture token you select to ACS if a system receives a posture result of Fail.
Both Managed and Unmanaged
Network Access Device (NAD) Polling
Select how often ACS should poll the server software for the latest status of target systems. If
it finds any updated policies:
The server audits managed target systems with a valid Healthy token unless the policy cache
settings indicate otherwise.
NAC places Healthy unmanaged systems into quarantine as soon as their Cache Validity
Duration expires.
Healthy
Select how often ACS should poll the server software for the latest status of target
systems when the managed target systems have a valid Healthy token. In addition to
selecting specific time intervals, you can opt to poll healthy systems as often as the
smallest time interval entered in the Cache Pass For option, found in the Policies table, for
all policies in the scope used.
Quarantined/Unknown
Select how often ACS should poll the server software for the latest status of target
systems when the managed target systems have a valid Quarantined or Unknown token.
Make sure you set the Cache Fail For option, found in the Policies table, for a length of
time longer than the time you select here. If you do not set these times strategically,
systems might not be able to get out of quarantine.
Reaudit if quarantined
Check this box if you want to reaudit systems with a valid Quarantined or Unknown
token. Quarantined and unknown systems will get audited at the frequency you
selected in the Quarantined/Unknown drop-down list until they receive a Healthy
token.
As you're selecting the settings on this page, keep in mind NAC's Audit in Progress Poll Hint
Timeout. The poll-timeout hint is a length of time the server software passes to ACS that
indicates the next time it would be appropriate to request another token. NAC uses this value
to reduce the number of communication round trips between the servers. The settings affect
the poll-timeout hint in the following ways:
If a system has a Healthy token, the poll-timeout hint returned is the length of time
selected from the Healthy drop-down list.
If a system has a Quarantined or Unknown token, the timeout hint returned is the
length of time selected from the Quarantined/Unknown drop-down list.
If a system does not have a valid Healthy, Quarantined or Unknown token when sent to the
auditing queue, the server software returns a timeout hint that takes into account the number
of hosts currently waiting to be audited and the average time to complete an audit.
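The following Python sketch models the polling rules described above. It is an added example, not code from the product or this manual. It computes the poll-timeout hint for each token state and flags any policy whose Cache Fail For value is not longer than the Quarantined/Unknown polling interval. All names are hypothetical, and the formula for systems without a valid token (hosts waiting multiplied by average audit time) is an assumption, since the manual only says both values are taken into account.

```python
import math
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class PollingSettings:
    # All values in seconds; field names are hypothetical, not product identifiers.
    healthy_poll: Optional[int]   # "Healthy" drop-down; None = use smallest Cache Pass For
    quarantined_poll: int         # "Quarantined/Unknown" drop-down
    cache_pass_for: List[int]     # "Cache Pass For" of every policy in the scope
    cache_fail_for: List[int]     # "Cache Fail For" of every policy in the scope

def effective_healthy_poll(s: PollingSettings) -> int:
    """Healthy interval, or the smallest Cache Pass For when that option is chosen."""
    return s.healthy_poll if s.healthy_poll is not None else min(s.cache_pass_for)

def check_settings(s: PollingSettings) -> List[str]:
    """Warn when Cache Fail For is not longer than the Quarantined/Unknown interval."""
    return [
        f"Cache Fail For {v}s is not longer than Quarantined/Unknown poll "
        f"{s.quarantined_poll}s; systems might not get out of quarantine"
        for v in s.cache_fail_for if v <= s.quarantined_poll
    ]

def poll_timeout_hint(token: Optional[str], s: PollingSettings,
                      hosts_waiting: int = 0, avg_audit: float = 0.0) -> int:
    """Seconds until ACS should request another token for this system."""
    if token == "Healthy":
        return effective_healthy_poll(s)
    if token in ("Quarantined", "Unknown"):
        return s.quarantined_poll
    # No valid token: the system is in the audit queue.
    # ASSUMPTION: hint = hosts waiting x average audit time (exact formula not documented).
    return math.ceil(hosts_waiting * avg_audit)

if __name__ == "__main__":
    # Constructed sample settings, not taken from the manual.
    sample = PollingSettings(healthy_poll=None, quarantined_poll=300,
                             cache_pass_for=[3600, 900], cache_fail_for=[600, 120])
    for tok in ("Healthy", "Quarantined", "Unknown", None):
        print(tok, poll_timeout_hint(tok, sample, hosts_waiting=4, avg_audit=22.5))
    for warning in check_settings(sample):
        print("WARNING:", warning)
```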
Redirection Web Page