Symantec NAC is all about compliance: ensuring that devices on your network properly comply with the endpoint security policy you set in your Symantec Endpoint Protection console. Symantec NAC isn't about authentication or access controls beyond basic VLAN switching. If endpoint security compliance is what you want, and if you're already a Symantec shop, then this is a great product for you.

Symantec NAC includes its standard endpoint protection suite for desktops, and one or more appliances that act as enforcers for NAC policy. When you first configure an enforcer appliance, you tell it whether to be an 802.1X enforcer, a DHCP enforcer, or an inline gateway enforcer that applies packet filters to the traffic flowing through it.

The strong point of the Symantec NAC product is endpoint security, but there are other features, such as a simple guest portal (if you have a gateway enforcer) with on-demand endpoint security scans, which also includes support for MAC-based authentication (for VoIP phones and printers).

Symantec NAC includes support for VLAN assignment in Cisco wired and wireless switches, Alcatel-Lucent, Foundry, HP, Nortel, and Extreme switches, as well as Aironet wireless controllers.


We found Symantec NAC both easy to install and easy to manage. If you already have Symantec Endpoint Protection installed, and if endpoint security compliance is your main reason for investigating NAC, then you'll find Symantec NAC an inexpensive way to add NAC to most networks.