Before you begin configuring AVpe
Clients who have been denied access can still connect to Symantec AntiVirus
Corporate Edition or Symantec LiveUpdate servers to update their virus
definitions.
You determine whether to enforce antivirus compliance for local clients using
computer groups. All local clients belong to computer groups. For each
computer group, you enable or disable AVpe. The default AVpe status for all
computer groups is disabled. See
groups"
on page 64.
If content filtering and antivirus policy enforcement are enabled at the same
time, content filtering takes precedence over antivirus policy enforcement
processing for outbound traffic only. If a content filtering violation occurs and a
client is blocked from viewing content, a message is logged and no antivirus
policy enforcement rules are processed.
AVpe is supported for outbound connections and VPN client connections only.
Note: You must place UNIX/Linux clients or clients with a non-supported AV
client in a computer group without AVpe.
Before configuring the Symantec Gateway Security 300 Series appliance, make
sure you do the following:
Include your AVpe needs in your strategy for group assignments. AVpe is
■
supported for outbound connections and VPN client connections only.
Determine those clients whose virus definitions will be checked and those (if
any) who will be allowed conditional or unconditional network access. Then
assign users to the appropriate access or VPN groups and select whether you
will warn or block non-compliant clients who attempt to access the local
network.
Note: You must place UNIX/Linux clients or clients with a non-supported
AV client in a computer group without AVpe.
See
"Defining computer groups"
page 88.
If you plan to use Symantec AntiVirus Corporate Edition servers, obtain the
■
name of the primary and (optionally) the secondary servers used in your
network.
Advanced network traffic control
Before you begin configuring AVpe
"Understanding computers and computer
on page 67 or
"Viewing the User List"
105
on