To support Network Access Control (NAC), Sophos Mobile manages the network access status of mobile devices based on compliance rules. When a device violates a compliance rule that is assigned to it, the network access status of the device is set to Deny. If required, you can set the status of certain devices to a fixed value, independent of their compliance status.

Sophos NAC Advanced can be critical part of your security measures? Ensuring that employee and guest computers are compliant with company security policy, managing network access, and delivering the peace of mind that comes from knowing your data is safe and your company is PCI compliant. Network access control (NAC) solution, Sophos NAC Advanced controls access to the network for guest, unmanaged and unauthorized computers. Non-compliant computers are identified and isolated, based on a centrally defined, policy-driven assessment. Company computers missing critical security applications and patches are fixed, while unauthorized. See NAC web service interface. Provide these lists to your third-party NAC system instead of the lists that you retrieved from the deprecated NAC interface. Using the Sophos Mobile web console, change the Network Access Control mode from Custom to Web service.

Sophos Mobile only manages the network access status of devices. It does not actually restrict network communication. Instead, Sophos Mobile offers a web service interface that delivers the MAC addresses and corresponding network access status of the managed devices. Third-party NAC systems can retrieve this information to permit or deny access to network segments.

Sophos Nacogdoches

The connection of the NAC system to the web service interface has to be implemented by the third-party vendor.