Modifying an internet access policy – H3C Technologies H3C Intelligent Management Center User Manual
Page 127
111
{
State-Based Internet Access Control—Select this option to enable state-based Internet access
control. The following parameters appears when this option is selected:
−
All but Authenticated NIC—Select the ACL to apply to all NICs except the NIC connected to
the enterprise network. An empty field indicates that no ACL is configured.
−
Unauthenticated Hosts—Select the ACL to apply to all NICs on the PC when none of the
connections in the iNode client are active. If no ACL is specified, the most recent ACL
deployed to the iNode client is used. If no ACL has been deployed, the default ACL is used
to control Internet access.
{
Ping-Based Internet Access Control—Select this option to enable ping-based Internet access
control. The following parameters appears only when this option is selected:
−
Destination IP Address 1/Destination IP Address 2—Configure one or both of the IP
addresses to be pinged by the iNode client.
−
Offline Host ACL for Ping Success—ACL to apply when a destination IP address is
successfully pinged.
−
Offline Host ACL for Ping Failure—ACL to apply when neither of the destination IP
addresses can be pinged.
{
Ping Monitor Server for Offline Audit—Select this option to enable ping-based Internet access
audit for unauthenticated Internet access. The following parameters appear only when this
option is selected:
−
Monitor Server IP—Specify a list of IP addresses to be pinged by the iNode client, one per
line.
−
Maximum Records—Specify the maximum number of ping success records that can be
stored by the iNode client. When the limit is exceeded, the iNode client overwrites old
records with new records.
−
Ping Interval (minutes)—Specify the interval, in minutes, at which the iNode client pings the
specified IP addresses.
{
Enable Internet Access Audit—Select this option to enable audit for authenticated Internet
access. The following parameters appears only when this option is selected:
−
Audit Policy—Name of the audit policy to be used by the Internet access policy. For
information about configuring audit policies, see "
Managing Internet access audit
−
Report Interval (minutes)—Specify the interval, in minutes, at which the iNode client sends
Internet access audit logs to EAD. The value range is 10 to 60 and the default is 30. The
iNode client reports the Internet access audit logs to EAD at the specified interval and when
the user logs off.
5.
Click OK.
Internet access policies use client ACLs. For more information, see "
."
Modifying an Internet access policy
1.
Click the User tab.
2.
From the navigation tree, select User Security Policy > Endpoint Access Control > Internet Access
Policy.
The Internet Access Policy page appears.
3.
Click the Modify icon
for the Internet access policy you want to modify.