Adding an internet access policy – H3C Technologies H3C Intelligent Management Center User Manual
Page 126
110
{
State-Based Internet Access Control—Select this option to enable state-based Internet access
control. The following parameters appear only when this option is selected:
−
All but Authenticated NIC—Select the ACL to apply to all NICs except the NIC connected to
the enterprise network. An empty field indicates that no ACL is configured.
−
Unauthenticated Hosts—Select the ACL to apply to all NICs on the PC when none of the
connections in the iNode client are active. If no ACL is specified, the most recent ACL
deployed to the iNode client is used. If no ACL has been deployed, the default ACL is used
to control Internet access.
{
Ping-Based Internet Access Control—Select this option to enable ping-based Internet access
control. The following parameters appear only when this option is selected:
−
Destination IP Address 1/Destination IP Address 2—Configure one or both of the IP
addresses to be pinged by the iNode client.
−
Offline Host ACL for Ping Success—Select the ACL to apply when a destination IP address
is successfully pinged.
−
Offline Host ACL for Ping Failure—Select the ACL to apply when neither of the destination
IP addresses can be pinged.
{
Ping Monitor Server for Offline Audit—Select this option to enable ping-based Internet access
audit for unauthenticated Internet access. The following parameters appear only when this
option is selected:
−
Monitor Server IP—Specify a list of IP addresses to be pinged by the iNode client.
−
Maximum Records—Specify the maximum number of ping success records that can be
stored by the iNode client.
−
Ping Interval (minutes)—specify the interval, in minutes, at which the iNode client pings the
specified IP addresses.
{
Enable Internet Access Audit—Select this option to enable audit for authenticated Internet
access. The following parameters appear only when this option is selected:
−
Audit Policy—Name of the Internet access audit policy used by the Internet access policy.
−
Report Interval (minutes)—Specify the interval, in minutes, at which the iNode client sends
Internet access audit logs to EAD.
4.
Click Back to return to the Internet Access Policy page.
Adding an Internet access policy
1.
Click the User tab.
2.
From the navigation tree, select User Security Policy > Endpoint Access Control > Internet Access
Policy.
The Internet Access Policy page appears.
3.
Click Add.
The Add Internet Access Policy page appears.
4.
Configure the basic information for the Internet access policy:
{
Internet Access Policy Name—Enter the Internet access policy name.
{
Service Group—Select the service group to which the Internet access policy belongs.
{
Description—Enter the description of the Internet access policy. A detailed description can
help facilitate maintenance.