You can specify those clients with IP addresses to which the Gateway Enforcer appliance authenticates.
You want to be aware of the following issues:
You must check the Enable option that is located next to the IP address or range if you want that address to be authenticated. If you want to temporarily disable authentication of an address or range, uncheck Enable.
If you type an invalid IP address, you receive an error message when you try to add it to the Client IP list.
To restrict a client's network access despite authentication
In Symantec Endpoint Protection Manager, click Admin.
Select and expand the Gateway Enforcer appliance groups.
Under Tasks, click Edit Group Properties.
In the Gateway Settings dialog box, on the Auth Range tab, in the Authenticate Client IP address range area, check Only authenticate clients with these IP addresses.
If you do not check this option, any IP addresses listed are ignored. Therefore all clients who try to connect to the network are authenticated. If you check this option, the Gateway Enforcer appliance authenticates only the clients with the IP addresses that are added to the list.
In the Add Single IP Address dialog box, select from Single IP address to IP address range or Subnet.
The fields change to enable you to enter the appropriate information.
Select whether to add:
Type either a single IP address, a start address and an end address of a range, or an IP address plus subnet mask.
The address information you typed is added to the Client IP address range table, with the Enable option selected.
Continue to click Add and specify any other IP addresses or ranges of addresses that you want the Gateway Enforcer to authenticate.