Application Control Policies: Accounts Parent topic

Application Control > Policies > Add
IWSVA has default global and guest policies for the following activities: HTTPS decryption, Advanced Thread Protection, HTTP Inspection, Data Loss Prevention, applets and Active X, and URL Filtering. Application Control has only the default global policy.
  • Global Policy — For all clients who access through IWSVA.
  • Guest Policy — For those clients, typically temporary workers, contractors, and technicians who proxy through IWSVA using a special "guest access" option.
Guest accounts are disabled by default; to enable a guest account go to Administration > IWSVA Configuration > User Identification > Authentication Method > Captive Portal > Allow Guest Login only after first enabling LDAP (Administration > IWSVA Configuration > User Identification | User Identification tab).
Note
Note
The guest policy is a feature that is available when the administrator has configured IWSVA to use the LDAP "User/Group name authentication" feature as the user identification method. Administrators can opt to provide one "Guest Access" button to users who do not have accounts within the organization's directory servers, (such as contract personnel or visiting vendors) so they can still access the Web.
The Global Application Control policy is the default policy.
  • Enable policy — Enables or disables the individual policy; the global Application Control setting overrides the specifications of an individual policy.
  • IP Range — Use to specify the range of IP addresses (IPv4 and/or IPv6) that will be affected by the Application Control policy.
  • IP Address — Use to specify the single IP address (IPv4 and/or IPv6) that will be affected by the Application Control policy.
  • IP Subset — Use to specify the subnet IP address that will be affected by Application Control policy.
  • User or Group (If User Identification is enabled) — Use to specify the user or group that will be affected by Application Control policy.
    Note
    Note
    The options on this page depend upon the user identification method that you are using — either IP address or User/group name authentication, if you enable LDAP authentication. For more information about configuring the user identification method and defining the scope of a policy, see User Identification and Application Control Policies.
  • Add — Click to add a single or range of IP addresses to the list of addresses that will be affected by the Application Control policy.
To add an Application Control policy:
  1. Go to Application Control > Policies.
  2. Click the Add link above the policy list.
  3. Type a descriptive policy name. This will help you remember the policy.
  4. You can also create a new policy based on the settings of an existing policy by clicking the "Copy from existing policy" option and selecting a policy from the drop-down list.
  5. Type a single IP address, a range of IP addresses, or an IP subnet to signify the users affected. Alternatively, choose the user or group name if LDAP integration has been set up.
  6. Click Add to move the newly entered IP address, range, or user/group name to the Type & Identification table.
  7. Click the Enable Policy check box at the top of the screen to enable the policy after it is created.
  8. Click Next to continue.
  9. See Add Policies: Specify Rules to set up the rules of the policy which apply to specified accounts.
See also: