You can configure the following settings:
Client IP addresses that the Gateway Enforcer appliance authenticate
External IP addresses that the Gateway Enforcer appliance does not authenticate
Internal IP address to which the Gateway Enforcer allows access
After you apply the settings, the changes are sent to the selected Gateway Enforcer appliance during the next heartbeat. Keep in mind the following information:
The option to Only authenticate clients with these IP addresses is not selected by default. If you leave this option selected and do not specify any IP addresses to authenticate, the Gateway Enforcer appliance acts as a network bridge and allows all clients access.
For Trusted External IP address range addresses, you should add the IP address of the corporate VPN server, as well as any other IP addresses that are allowed to have access to the corporate network without running a client. You may also want to include the devices that normally have access to the network and are running an operating system other than Windows.
For Trusted Internal IP address range addresses, you may need to specify addresses, such as an update server, a file server containing antivirus signature files, a server that is used for remediation, or a DNS or WINS server that is required to resolve domain or host names.
If you specify that the Gateway Enforcer appliance verifies that the client profile is up-to-date, clients may need to connect to the Symantec Endpoint Protection Manager to download the latest security policies. If you use this option when you refer to the Symantec Endpoint Protection Manager by DNS or host name, you must add the DNS or WINS server's IP address to the trusted internal IP list.