Network Access Control

 View Only
Back to discussions
Expand all | Collapse all

Compliance Status Check has been disabled by the Administrator

  • 1.  Compliance Status Check has been disabled by the Administrator

    Posted Jun 24, 2010 11:02 AM
    Before I ask my questions I’ll provide some background on my setup:
     
    I am currently testing a SNAC Enforcer 6100 appliance configured as a gateway enforcer. I have the Internal port (eth0) patched into our network so it can communicate with our SEPM. I have the External port (eth1) patched to an unmanaged desktop switch, and on the same desktop switch I have a workstation patched to act as a test client.
     
    On the SEPM I added a test Location to my test Group and set its Condition to the IP address of the workstation. I have a single Host Integrity policy assigned to my test Group that requires the client to have Any Anti-Virus Product installed (both the Requirement and the Policy are Enabled). The workstation does not have any anti-virus products installed so I expect this to fail.
     
    On the workstation when I attempt to browse the web I am redirected, as expected, to the On-Demand Client (ODC) download page. The ODC downloads and installs correctly, it connects to the SEPM and grabs the latest policy just fine … and then here is where the weirdness starts.
     
    The ODC displays that “Network Access Allowed” against the green background which I would not expect due to the policy. And even though it states that network access is allowed no other traffic is passing through; I am still redirected to the ODC download page and I am unable to ping anywhere on the network. The ODC also states that the “Compliance Status Check has been disabled by the Administrator” which I imagine has something to do with the problem I am experiencing. I have gone over my SEPM configuration several times and have had colleagues double-check the configuration for me. I cannot see anything that would indicate why the Compliance Status Check has been disabled but I’m obviously missing something.
     
    I have tried upgrading the SEPM to the latest version. I have re-imaged the Enforcer appliance. I have tried using two different workstations as my test client, one WinXP and the other Win7. I have used a different unmanaged desktop switch, and I have replaced all the network cables.
     
    So, my questions are:
    1. What can be causing the “Compliance Status Check Disabled” error?
    2. If unrelated to the first problem, why is the policy not failing as expected?
    3. Also, if unrelated to the first problem, if Network Access is allowed as stated by the ODC, why is traffic still being blocked?
     
    Versions involved in this scenario:
    SNAC Enforcer = v11.0.5002 build 6122
    SEPM = v11.0.5002.333
    On-Demand Client for Windows = v11.0.5002.252


  • 2.  RE: Compliance Status Check has been disabled by the Administrator

    Posted Oct 22, 2010 07:32 AM

    Hello,

    Sure you created condition on Antivirus Requirement option not after choosing "Custom".

    Try to upgrade all them to RU6 MP1 version may be fixed your problem.So many fixes came with MP1 version.

     

    Regards,

    Oykun