Url control area, Anti-virus software control area – H3C Technologies H3C Intelligent Management Center User Manual
Page 45
29
devices, EAD deploys access ACL rules through extended RADIUS packets. The isolation mode has
the following parameters:
{
Security ACL (for non-HP ProCurve)—Number or name of the security ACL deployed to non-HP
ProCurve devices.
{
Isolation ACL (for non-HP ProCurve)—Number or name of the isolation ACL deployed to non-HP
ProCurve devices.
{
Security ACL (for HP ProCurve)—Name of the access ACL deployed to HP ProCurve devices as
the security ACL. Click the ACL name to view the ACL rules in the access ACL. For information
about access ACLs, see H3C IMC User Access Manager Administrator Guide.
{
Isolation ACL (for HP ProCurve)—Name of the access ACL deployed to HP ProCurve devices as
the isolation ACL. Click the ACL name to view the ACL rules in the access ACL. For information
about access ACLs, see H3C IMC User Access Manager Administrator Guide.
•
Deploy ACLs to iNode Client—This isolation mode deploys ACL rules to the iNode client through
EAD messages. For more information about configuring client ACLs, see "
."
The isolation mode has the following parameters:
{
Security ACL—Name of the security ACL deployed to the iNode client. Click the ACL name to
view the ACL rules in the client ACL.
{
Isolation ACL—Name of the isolation ACL deployed to the iNode client. Click the ACL name to
view the ACL rules in the client ACL.
•
Deploy VLANs to Access Device—This isolation mode deploys VLAN IDs to access devices through
RADIUS packets. The VLANs corresponding to the VLAN IDs must exist on the devices. The isolation
mode has the following parameters:
{
Security VLAN—ID of the security VLAN deployed to access devices.
{
Isolation VLAN—ID of the isolation VLAN deployed to access devices.
URL Control area
•
Enable URL Access Control—Indicates whether to check URLs accessed by the access users.
The following parameters appear only when the Enable URL Access Control option is selected:
•
URL Control Policy—Name of the URL control policy used in the security policy. The URL control
policy controls user access to specified websites by domain name or IP address.
•
Check Hosts File—Indicates whether to check the Hosts file on the user endpoint. When this option
is enabled, the iNode client checks the Hosts file against the IP address list located to the right of the
Check Hosts File field. When the Hosts file of a user endpoint contains an IP address that is not on
the list, the iNode client forces the user to log out. This feature prevents users from accessing
unauthorized websites by modifying the Hosts file.
The Hosts file check can serve as a supplement to the URL control policy. A user might bypass the
URL control policy by modifying the Hosts file to access a prohibited URL. The Hosts file check
applies only to access users using Windows. For example, the path of the Hosts file on Windows
7 is C:\WINDOWS\system32\drivers\etc\hosts.
Anti-Virus Software Control area
The anti-virus software check takes effect on Windows, Linux, and Mac OS PCs.
•
Check Anti-Virus Software—Indicates whether to check the anti-virus software on the user endpoint.
The check items include the anti-virus definition version, engine version, software installation status,
and software running status.
The following parameters appear only when the Check Anti-Virus Software option is selected: