The On-Demand Client for Macintosh cannot run without first installing the Client Static Route Spoof Tool. Mac OS X does not respond to the DHCP static routing option (33) by default. Macs in a Symantec Endpoint Protection network cannot download and use the Mac on-demand client without applying that patch.
For each client that is running Mac OS X 10.4, 10.5, or 10.6, download and install "Symantec ODC Static Route Spoof Tool.pkg" to install. Administrative privileges are needed during the installation. You must restart the computer after the installation is complete.
To make the DHCP Enforcer environment work, the administrator must configure the static route option (33) on the DHCP server . This option enables the following servers to be accessed from the client side when the client is quarantined:
- Symantec Endpoint Protection Manager server
- DHCP server: An empty router option (003) needs to be created on the DHCP server for the quarantine user class.
- DHCP Enforcer, if using the DHCP Appliance
- Gateway Enforcer: When using the DHCP plug-in, the Gateway Enforcer is used as the delivery point.
- Spoofing DNS server: When using the DHCP plug-in, the spoofing DNS server is used to resolve names to the Gateway Enforcer for download of the Mac on-demand client.
Note: with Windows clients static routes to machines within the same network segment can be configured by either repeating the destination IP address as the router address, or by using a separate gateway IP address as the router. With Mac OS X and the Symantec ODC Static Route Spoof Tool the destination-address/destination-address option will not work. Example; a Static Route configured as 10.10.10.34/10.10.10.34 will work on Windows but not on OS X, but the Static Route 10.10.10.34/10.10.10.1 (where 10.10.10.1 is the router on this network segment) will allow clients of both OS to reach the 10.10.10.34 destination.
For troubleshooting instructions regarding the ODC Static Route tool and Symantec On-Demand Client on OS X, please see article TECH169933
For general instructions regarding configuring a Symantec DHCP Enforcer with Macintosh clients, please see article TECH106301