Symantec NAC 11.0
July 01, 2008
£6,518, including Symantec Network Access Control Starter Edition 11.0, 1 Symantec NAC Enforcer Appliance, and 1 year of Essential Support Services
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: 802.1x compliant, so no extra authentication servers needed
- Weaknesses: Difficult install relies on Symantec's professional services
- Verdict: An acceptable offering that is complex to implement and manage, but it delivers the features advertised
The offering from Symantec is much larger than the scope of this review. NAC 11.0 has additional functionality such as desktop enforcement through client-installed firewall/agents.
A LAN enforcer, configured to work with a Radius, Diameter or LDAP server, forwards the user information it receives from the 802.1x supplicant to the Radius server for authentication and does not grant access to a client that fails the user-level authentication.
There are three types of enforcer appliances: gateway, DHCP and LAN enforcers. The Symantec Enforcer is a component that works together with the Symantec Policy Manager and Symantec Agents to protect the enterprise network. Enforcers are responsible for many tasks. It is generally more convenient to administer them all in one centralised location. The Policy Manager provides this capability.
Symantec Agents can be configured to run host integrity checks at various times. This ensures that the user has not disabled the local firewall or anti-virus, or performed any other action that would cause the device to be moved into a quarantine area, which will only allow users to access the internet for the purpose of bringing back the client, through HI, to the regular LAN segment.
When a client tries to connect to the network, the Symantec Agent runs a host integrity check. It then sends the results to the enforcer. If the client passes, it gains access to the network.
The installation is so complex that Symantec usually sends a professional service technician to complete the initial install.
Limited documentation for the product is available online. We were unable to locate any additional documentation, which would have been handy to have.
The first year of support, which is included, is available 24/7. Additional phone, email and website access are available after the first year.
The pricing for the NAC 11.0 appliance starts at £6,518, which includes Symantec Network Access Control Starter Edition 11.0, a Symantec NAC Enforcer Appliance and a year of essential support. This makes the NAC 11.0 average value for money.