Security policy details, Basic information area, Isolation mode area – H3C Technologies H3C Intelligent Management Center User Manual

Security policy details

The security policy details page has the following areas:

Common Configuration—Basic information about the security policy and the isolation mode configuration.

PC—Security check items for PCs.

Smart Device—Security check items for smart devices.

UAM distinguishes the check items for PCs from the check items for smart devices in the same security policy based on the endpoint type and access scenario. EAD performs the security check after it is informed of the check items by UAM.

The following information describes security check items for PCs. For more information about configuring security check items for smart devices, see "5 Configuring the security check for smart devices."

EAD supports security checks on IPv6 hosts only when the Enable IPv6 parameter is set to Yes in the UAM service parameter configuration. The default setting of this parameter is No. For more information, see H3C IMC User Access Manager Administrator Guide.

Basic Information area

Policy Name—Unique name of the security policy.

Service Group—Service group to which the security policy belongs.

Security Level—Name of the security level used in the security policy. Click the name to view detailed information. For more information, see "Security level details."

Monitor in Real Time—When it is selected, this parameter enables real-time monitoring of user endpoints in the security policy. For more information, see "Configuring real-time monitoring."

Process After—The amount of time, in minutes, that the iNode client waits before it isolates or kicks out an access user for whom a violation is detected during real-time monitoring. The iNode client prompts the user to make the necessary remediation and initiate a new security check to avoid being isolated or kicked out.
This parameter appears only when the Monitor in Real Time option is selected.

Set as Default Policy for Roaming Users—When it is selected, this parameter makes the security policy the default security policy for roaming users. You can specify only one security policy as the default security policy for roaming users. For more information, see "Configuring the default security policy for roaming users."

Description—Description of the security policy.

Check Passed Message—Message that the iNode client displays when an access user passes the security check.

Isolation Mode area

Configure Isolation Mode—Indicates whether an isolation mode is configured. When this parameter is not selected, the security policy does not have an isolation mode. When this parameter is selected, the security policy can use any of the following isolation modes: Deploy ACLs to Access Device, Deploy ACLs to iNode Client, or Deploy VLANs to Access Device.

The following parameters appear only when the Configure Isolation Mode option is selected. The parameters vary by isolation mode.

Deploy ACLs to Access Device—This isolation mode deploys ACLs to access devices. For non-HP
ProCurve devices, EAD deploys ACL numbers or names through RADIUS packets. For HP ProCurve
