Adding an access policy – H3C Technologies H3C Intelligent Management Center User Manual
Page 146
128
{
Retries—Maximum number of reconnection retries. This parameter appears only when the Auto
Reconnect after Network Failure option is selected.
{
Lowest Client Version—Lowest version number of the iNode client that can be used on the
network. This parameter must be used together with the iNode Client Only parameter of access
services.
{
Action for Violation—Action to take on the user who violates a check item. The action can be
Kick Out or Monitor. The Kick Out option disconnects the online user or rejects the access
request. The Monitor option logs the violation without affecting the user state. For more
information about the violation logs, see "
Managing authentication violation logs
UAM checks the selected items on the user endpoint. The check items include:
−
Disable Proxy Server—Prohibits use of proxy servers.
−
Disable Proxy Setting in IE—Prohibits use of proxy settings in the Internet Explorer browser.
−
Disable Multiple NICs—Prohibits use of more than one NIC.
−
Prohibit Multiple OSs—Prohibits installation of more than one Windows operating system.
−
Prohibit Multi-IP on Authenticated NIC—Prohibits the authenticated NIC from using more
than one IP address.
−
Forbid Modifying MAC—Prohibits modifying the MAC address of the authenticated NIC.
−
Reject Duplicate MAC Addresses—Prohibits the user from using the same MAC address as
an online user.
−
Block VMware NAT Service—Prohibits the user from setting vNICs to NAT mode on VMs.
This option prevents unauthorized VMs from accessing network resources by using the host
computer's IP address.
−
Block VMware USB Service—Prohibits the user from using the VMWareHostd and
VMUSBArbService services. This option prevents VMs from using the USB devices that are
mounted to the host computer. Select both Block VMware NAT Service and this option to
prohibit the host computer from sharing the wireless hotspots that are created on the vNICs
of VMs.
−
Prohibit from Running on Virtual Machine—Prohibits the user from running the iNode client
on a virtual machine.
−
IP Address Assignment Method—Checks the IP address assignment method on the
endpoint: All, Static, or Dynamic.
3.
To return to the access policy list page, click Back.
Adding an access policy
1.
Access the access policy list page.
2.
Click Add.
The Add Access Policy page appears, comprising the Basic Information, Authorization
Information, Authentication Binding Information, and User Client Configuration areas.
3.
Configure the Basic Information area parameters:
{
Access Policy Name—Enter a unique name of the access policy.
{
Description—Enter a description of the access policy to help facilitate maintenance.