Log in to ask questions, share your expertise, or stay connected to content. Don’t have a login? Join now.
Product and Software: This article applies to all ECS product and software versions 3.1.9 and later.To ensure that your NAC appliance is up-to-date with current security policy templates and vendor code identifications, configure the NAC appliance to run the Auto-Definition Synchronizer on a periodic basis. The best practice is to schedule it to run once per week. The Auto-Definition Synchronizer downloads, via FTP, the latest security policy templates (including Anti-virus, Anti-Spyware, and operating system updates) and vendor codes (including MAC addresses for new NIC cards) onto your NAC appliance, based on the schedule that you define.Software and hardware vendors make updates available to clients at various times throughout the week. Aruba Networks correlates this information and makes it available for download.The latest security policy templates and vendor codes for your NAC appliance are made available for upload each Monday (if a holiday, Tuesday) by close of business.(Currently, there is no real benefit to running it more than once per week, except to compensate for Monday holidays.)The best practice is to run the Auto-Definition Synchronizer once a week. The schedule you set can range from Monday late evening, at the earliest, to the following Monday early morning, at the latest. We recommend Wednesday or Thursday, to allow clients sufficient time to install vendor updates.Which end of this scale you choose presents different end-user experiences because of the difference between when the NAC appliance is updated and when clients actually install the vendor updates on their systems (as well as when clients are scanned based on use of Persistent Agent or Run-Once).Aggressive - Run Auto Definition updates Tuesday early AM and rescan cliients early Wednesday AM.Least Aggressive - Run Auto Definition updates Sunday and rescan clients early Monday AM.ProcedureTo schedule the synchronizer runtime:1) Access the NAC GUI.2) Go to the Security Management view and click Auto-Def Schedule.3) Select the schedule interval (for example: 7 days means every 7 days).4) Set the next scheduled time (date/time format).5) Click Apply.ValidationVerify that the Auto-Definitions Synchronizer has run and updated definitions on your NAC appliance:1. Navigate to the Scheduler view (Go > Scheduler).2. View the "Last Scheduled Time" and "Next Scheduled Time" for the task to run.
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.