Symantec Security Expressions Server User Manual

Audit-On-Connect

A managed system is a system on the network that the server software can connect to and audit using the appropriate credentials. It is a target system or potential target system.

Initial Token

Sends the posture token you select to ACS if a system receives a posture result of Fail.

Both Managed and Unmanaged

Network Access Device (NAD) Polling

Select how often ACS should poll the server software for the latest status of target systems. If it finds any updated policies:

• the server audits managed target systems with a valid Healthy token unless the policy cache settings indicate otherwise.

• NAC places Healthy unmanaged systems into quarantine as soon as their Cache Validity Duration expires.

Healthy

Select how often ACS should poll the server software for the latest status of target systems when the managed target systems have a valid Healthy token. In addition to selecting specific time intervals, you can opt to poll healthy systems as often as the smallest time interval entered in the Cache Pass For option, found in the Policies table, for all policies in the scope used.

Quarantined/Unknown

Select how often ACS should poll the server software for the latest status of target systems when the managed target systems have a valid Quarantined or Unknown token.

Make sure you set the Cache Fail For option, found in the Policies table, for a length of time longer than the time you select here. If you do not set these times strategically, systems might not be able to get out of quarantine.

Reaudit if quarantined

Check this box if you want to reaudit systems with a valid Quarantined or Unknown token. Quarantined and unknown systems will get audited at the frequency you selected in the Quarantined/Unknown drop-down list until they receive a Healthy token.

As you're selecting the settings on this page, keep in mind NAC's Audit in Progress Poll Hint Timeout. The poll-timeout hint is a length of time the server software passes to ACS that indicates the next time it would be appropriate to request another token. NAC uses this value to reduce the number of communication round trips between the servers. The settings affect the poll-timeout hint in the following ways:

• If a system has a Healthy token, the poll-timeout hint returned is the length of time selected from the Healthy drop-down list.

• If a system has a Quarantined or Unknown token, the timeout hint returned is the length of time selected from the Quarantined/Unknown drop-down list.

If a system does not have a valid Healthy, Quarantined or Unknown token when sent to the auditing queue, the server software returns a timeout hint that takes into account the number of hosts currently waiting to be audited and the average time to complete an audit.
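The interaction between the NAD polling intervals and the per-policy cache settings described above can be checked before the settings are applied. The following Python model is an added example, not code from the product: the class and function names, the use of seconds as the unit, the sample policies, and the queue-based estimate for systems without a valid token are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Policy:                       # one row of the Policies table (hypothetical model)
    name: str
    cache_pass_for: int             # Cache Pass For, in seconds (assumed unit)
    cache_fail_for: int             # Cache Fail For, in seconds (assumed unit)

@dataclass
class NadPolling:
    healthy: Optional[int]          # None = "smallest Cache Pass For in the scope"
    quarantined_unknown: int        # Quarantined/Unknown interval, in seconds

def healthy_interval(polling: NadPolling, scope: List[Policy]) -> int:
    """Effective Healthy poll interval for the policies in the scope used."""
    if polling.healthy is not None:
        return polling.healthy
    return min(p.cache_pass_for for p in scope)

def quarantine_conflicts(polling: NadPolling, scope: List[Policy]) -> List[str]:
    """Policies whose Cache Fail For is NOT longer than the Quarantined/Unknown
    interval, the condition the manual warns can leave systems in quarantine."""
    return [p.name for p in scope
            if p.cache_fail_for <= polling.quarantined_unknown]

def poll_timeout_hint(token: Optional[str], polling: NadPolling,
                      scope: List[Policy], queue_len: int = 0,
                      avg_audit_secs: int = 0) -> int:
    """Hint returned to ACS for a system holding the given token."""
    if token == "Healthy":
        return healthy_interval(polling, scope)
    if token in ("Quarantined", "Unknown"):
        return polling.quarantined_unknown
    # No valid token: the manual only says the hint considers the queue length
    # and the average audit time. This formula is an ASSUMED stand-in.
    return (queue_len + 1) * avg_audit_secs

# Constructed sample settings, not taken from any real deployment.
SCOPE = [Policy("AV signatures", 3600, 1800), Policy("Patch level", 900, 300)]
POLLING = NadPolling(healthy=None, quarantined_unknown=600)

if __name__ == "__main__":
    print("Healthy interval:", healthy_interval(POLLING, SCOPE))
    print("Conflicting policies:", quarantine_conflicts(POLLING, SCOPE))
    print("Hint, no token:", poll_timeout_hint(None, POLLING, SCOPE, 4, 30))
```

With the sample values, the "Patch level" policy is flagged because its Cache Fail For (300) is shorter than the Quarantined/Unknown interval (600).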

Redirection Web Page
