Client acls, Audit of unauthenticated internet access, Audit of authenticated internet access – H3C Technologies H3C Intelligent Management Center User Manual

Page 124: Internet access audit logs, Internet access logging parameters


• When one of the destination IP addresses can be pinged, the Offline Host ACL for Ping Success applies. The PC is considered to be within the enterprise network.

• When neither of the destination IP addresses can be pinged, the Offline Host ACL for Ping Failure applies. The PC is considered to be outside the enterprise network.

Client ACLs

Client ACLs are configured in EAD and used by both the state-based and ping-based Internet access control methods. The client ACLs are deployed together with the Internet access policy to the iNode client when a user comes online. The iNode client then applies the correct ACLs to the NICs on the user's PC according to the Internet access control methods configured in the policy.

A default client ACL must be configured for the lock Internet access function when the installation package of the iNode client is customized in iNode Management Center. The default ACL permits or denies all network access. It takes effect when the iNode client is installed on the PC. When EAD deploys an offline ACL, the default ACL is overridden.

For more information about configuring client ACLs, see "Managing client ACLs."

Audit of unauthenticated Internet access

EAD provides the Ping Monitor Server for Offline Audit feature to monitor the Internet access behaviors of PCs that did not pass identity authentication by the enterprise network.

When none of the client connections are active, the iNode client periodically pings the monitor servers specified in the Internet access policy that is received from EAD. If a monitor server can be pinged, the iNode client considers that the PC is accessing the Internet and generates an offline audit log. When the PC comes online, the iNode client sends the Internet access audit log stored on the local PC to EAD.
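
The two ping-driven decisions described on this page (offline ACL selection and offline audit logging) can be modeled as follows. This is an added illustration, not H3C or iNode code; the function names, ACL labels, log fields and addresses are assumptions, and reachability is simulated so that it runs without a network.

```python
# Added illustration of the client-side behaviour described in the manual.
# All names, labels and addresses are hypothetical; this is not H3C/iNode code.
from dataclasses import dataclass, field
from typing import Callable, Iterable, List

Probe = Callable[[str], bool]  # True when the address answers a ping


def select_offline_acl(dest_ips: Iterable[str], probe: Probe) -> str:
    """Ping-based control: one reachable destination means 'within the enterprise network'."""
    # The returned strings are labels standing in for the two offline host ACLs.
    return "ping-success-acl" if any(probe(ip) for ip in dest_ips) else "ping-failure-acl"


@dataclass
class OfflineAuditor:
    monitor_servers: List[str]
    probe: Probe
    pending: List[dict] = field(default_factory=list)  # logs stored on the local PC

    def tick(self, now: int, active_connections: int) -> None:
        """One periodic check; it only runs while no client connection is active."""
        if active_connections > 0:
            return
        reached = [s for s in self.monitor_servers if self.probe(s)]
        if reached:  # a monitor server answered: the PC is treated as accessing the Internet
            self.pending.append({"time": now, "type": "offline", "reached": reached})

    def on_online(self, send: Callable[[dict], None]) -> int:
        """When the PC comes online, send stored logs to EAD; keep a log until it is sent."""
        sent = 0
        while self.pending:
            send(self.pending[0])
            self.pending.pop(0)
            sent += 1
        return sent


def demo() -> dict:
    # Constructed sample: documentation-range addresses, reachability simulated.
    at_home = lambda ip: ip == "198.51.100.10"   # only the monitor server answers
    in_office = lambda ip: ip == "192.0.2.1"     # an enterprise destination answers
    dest_ips, monitors = ["192.0.2.1", "192.0.2.2"], ["198.51.100.10"]
    auditor = OfflineAuditor(monitors, at_home)
    auditor.tick(now=100, active_connections=0)  # generates an offline audit log
    auditor.tick(now=160, active_connections=1)  # skipped: a connection is active
    received: List[dict] = []
    return {"acl_home": select_offline_acl(dest_ips, at_home),
            "acl_office": select_offline_acl(dest_ips, in_office),
            "sent": auditor.on_online(received.append),
            "received": received, "left": len(auditor.pending)}
```
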

Audit of authenticated Internet access

Use Internet access audit policies to monitor the Internet access behaviors of users who pass identity authentication by the enterprise network. An Internet access audit policy is a set of ACL rules for generating Internet access audit logs. When a user's Internet access behavior matches a rule for audit, the iNode client generates an Internet access audit log. The generated logs are sent to EAD at regular intervals for audit.

Internet access audit logs

EAD classifies Internet access audit logs into the following types:

• Online audit logs—Records Internet access behaviors of users through networks other than the enterprise network when users are online. The users appear on the online user list of UAM.

• Offline audit logs—Records Internet access behaviors for PCs when users are offline.

EAD enables you to search for Internet access audit logs through basic or advanced queries.

Internet access logging parameters

In system parameter settings, specify the lifetime of an Internet access audit log and the maximum number of Internet access audit logs to be kept in EAD. When an Internet access audit log expires or the
