Symantec Network Access Control 11
Strengths: The device is 802.1x compliant, so it is not necessary to buy additional authentication servers.
Weaknesses: The install is complex and confusing. It is crucial to use Symantec’s professional services.
Verdict: An acceptable offering with a level of complexity to implement and manage, but the device delivers all of the features advertised.
SummaryThe offering from Symantec is much larger than the scope of this review. NAC 11 has additional functionality, such as desktop enforcement through client-installed firewall agents. If a client can answer yes to a series of questions, the client will then be allowed access to the LAN.
There are three types of Symantec Enforcer appliances: Gateway Enforcer, DHCP Enforcer and LAN Enforcer.
The Enforcer is a component that works together with the Symantec Policy Manager and Symantec Agents to protect the enterprise network. Enforcers are responsible for many tasks. It is generally more convenient to administer them all in one centralized location. The Policy Manager provides this capability.
It is important to note that the Enforcer itself does not perform user-level authentication because authentication will be performed by the RADIUS, Diameter or LDAP authentication server. A LAN Enforcer, configured to work with a RADIUS server, forwards the user information it receives from the 802.1x supplicant to the RADIUS server for authentication and does not grant access to a client that fails the user-level authentication.
When a client attempts to connect to the network, the Symantec Agent on the computer runs a host integrity check. It then sends the results to the Enforcer. If the client passes the host integrity check, it gains access to the production network.
The installation of NAC 11 is difficult enough that Symantec usually sends a professional service technician to complete the initial install.
Limited documentation for the product is available online. We were unable to locate any additional documentation.
The first year of support, which is included, is available 24/7. Additional 7/24, phone, email and website access are available after the first year.
The pricing for the NAC 11 appliance starts at $12,732, which includes Symantec Network Access Control Starter Edition 11.0, one Symantec NAC Enforcer Appliance and one year of essential support. This makes the NAC 11 an average value.