The Trusted Internal IP table has a list of internal IP addresses that external clients are allowed to communicate with, regardless of whether a client currently runs or has passed the Host Integrity check.
If you run two Gateway Enforcer appliances in a series so that a client connects through more than one Gateway Enforcer appliance, the Gateway Enforcer appliance closest to Symantec Endpoint Protection Manager needs to be specified as a trusted internal IP address of the other Gateway Enforcer appliances. If a client first fails a Host Integrity check and then passes it, you may have up to a 5-minute delay before a client can connect to the network.
To add a trusted internal IP address for clients on a management server
In Symantec Endpoint Protection Manager, click Admin.
In the Admin page, click Servers.
Select and expand the group of Enforcers.
Select the Gateway Enforcer appliance group for which you want to edit client IP address ranges on the list of addresses that require authentication.
Under Tasks, click Edit Group Properties.
In the Gateway Settings dialog box, on the Auth Range tab, in the Trusted IP address range area, select Trusted Internal IP address range from the drop-down list.
In the IP Address Settings dialog box, type an IP address or address range.
The IP address is added to the list and a check mark appears in the Enable column.
In the Settings dialog box, click OK.