Symantec Security Expressions Server Server User Manual


 
SecurityExpressions Server User Guide
52
A read-only line that reminds you to configure ACS so that NAD redirects users who try to
connect to the network from quarantined systems to the URL listed.
Redirection Web Page Behavior
Select the information and resources the redirection Web page should provide to users on
quarantined systems if URL redirection is configured in ACS. The options are:
Display a message that the user must contact an administrator for access
and leave in quarantine. To customize this message, modify NAC/NotHealthy.aspx.
Display the results of the failed audit and a message stating that an
administrator has been notified, then grant access to the network and
remove from quarantine.
Managed Systems
- NAC removes the system from quarantine by sending a token of
Healthy to ACS. To customize the message for managed systems, modify
NAC/PermitAccess.aspx.
Unmanaged Systems
- The Web page displays instructions on how to perform a self
audit. When users click Next, NAC removes the system from quarantine by sending a
token of Healthy to ACS. To customize the message for unmanaged systems, modify
NAC/UnmanagedSelfAudit.aspx.
Provide help with remediation. Display the following URL containing
instructions for self-remediation. Allow the user to perform self-service
audits to verify. Type a URL where users can get remediation instructions. After
they remediate, the redirection Web page describes how to perform a self audit. To
customize this message, modify NAC/SelfRemediate.aspx.
Audit on Connect Tracing
Audit on Connect Tracing
Audit on Connect audit events are complex, involving lots of variables. If you suspect Audit on
Connect is not operating as expected, you would have a hard time troubleshooting the problem
on your own. The AOC Tracing page keeps track of any Audit on Connect activity occurring
during a set time period, recording the details of the activity caused by the audit event and listing
the Audit on Connect settings configured for the audit event. This empowers you to troubleshoot
possible problems in Audit on Connect activity or configuration.
AOC tracing shows:
when a computer listed in a scope connects to the network
which device type, policies, scope, notifications, exceptions, and connection-monitor type
were involved in the audit event
if a slow link was detected
trace-route information, if enabled
Cisco Network Admissions Control (NAC) activity, if any
if a cached policy file is used
Tip: AOC tracing is designed to be turned on and off, running for set lengths of time. It does not
record constantly or permanently log tracing data. If you suspect problems, determine when the
suspect activity will occur. Then turn it on and set it to run for the length of time you expect the
activity to take.