Configuring Cooperative Enforcement

To configure Cooperative Enforcement:

From the gateway Cooperative Enforcement page, click Authorize clients using Endpoint Security Server to enable Cooperative Enforcement.

• Monitor Only - The firewall requests authorization from the Endpoint Security server, but connections are not dropped. Hosts can connect while the gateway grants authorization. The Firewall generates logs for unauthorized hosts. You can add unauthorized hosts to the host's exception list or make those hosts compliant in other ways.

  If Monitor Only is not selected, Cooperative Enforcement works in Enforcement mode. The Endpoint Security Firewall blocks non-compliant host connections. For HTTP connections, the client is notified that its host is non-compliant. The user can change the computer to make compliant. For example, the user can upgrade the version of the Endpoint Security client.

• Track unauthorized client status - Set a log, or alert option for the hosts that would be dropped if not in Monitor Only mode.
• In the Endpoint Security Server Selection section, select which Endpoint Security server will be used:
  • To use this machine, select Use Endpoint Security Server installed on this machine.
  • To use another machine, select a server from Select Endpoint Security Server. Click New to create a new server.
• In the Client Authorization section, define exceptions for client authorization.
  • Check authorization of all clients - Get authorization from all clients.
  • Bypass authorization of the following clients - Allow clients in the selected groups to always connect, without authorization inspection. All other clients are inspected.
  • Check authorization only of the following clients - Inspect authorization of clients from the selected groups. All other clients bypass authorization.