Creating an Agent Registration Policy

Agent registration policies let you automate the agent registration process. An agent registration policy is a set of rules that determine how the incoming registration requests are processed. In the registration request content, Symantec Management Agent sends its host name, MAC address, IP address, FQDN, and logged on user data. The agent registration policy uses the registration request data and the rules that you define within the policy to decide if the request is allowed or blocked.
The default agent registration policy automatically allows all agents to communicate with Notification Server. You can modify the default policy or create custom policies to restrict the agents that can communicate with Notification Server. If no active policies are available, the status of each incoming registration request is set to pending.
You can view the registration requests in the
Agent Registration Status
report. You can access this report in the Symantec Management Console, under
Reports > Notification Server Management > Registration
.
This task is an optional step in the following processes:
  1. To create an agent registration policy
  2. In the Symantec Management Console, on the
    Settings
    menu, click
    All Settings
    .
  3. In the left pane, under
    Settings
    , expand
    Agents/Plug-ins > Symantec Management Agent > Settings
    .
  4. Right-click
    Registration Policies
    , and then click
    New > Registration Policy
    .
  5. In the right pane, specify the settings of the agent registration policy as follows:
    Rules
    Lets you define different types of masks for agent identification using the request data. For example, you can define a host name mask, an IP address mask, and a logged on user name mask.
    A single policy can contain unlimited number of masks of any type. During the mask matching process, Notification Server treats different mask types as logical AND operation and similar mask types as logical OR operation.
    For example, a policy with the following masks allows registration of all agents that have the name that matches mask "*test" and their IP address is either 10.31.12.1, 10.31.12.2, or any from 255 IP addresses from the 10.31.15.0 subnet:
    • Host = *test
    • IP=10.31.12.1
    • IP=10.31.12.2
    • IP=10.31.15.0/24
    Asterisk is accepted for all rules except for
    IP address
    . If you want to specify an IP range in a rule, you must define it with the subnet mask. For example, instead of typing
    10.31.15.*
    , you enter
    10.31.15.0/24
    .
    Actions
    Lets you define the rule for complied agent processing with the following options:
    • Allow
      The agents are automatically registered and you do not need to accept them manually.
    • Block
      Requests from these agents are declined.
    Note that if two policies are applicable to a registration request, and one of them allows registration and the other blocks it, the blocking policy is applied to the request.
  6. Turn on the policy.
    At the upper right of the page, click the colored circle, and then click
    On
    .
  7. Click
    Save changes
    .