User Guide

OmniAccess SafeGuard OS Administration Guide
Chapter 7: Establishing a Security Policy
Figure 11 Role Hierarchy
Layer 7 Policies
A unique feature of SafeGuard OS is the ability to enforce policies at the Application
Layer. A Layer 7 policy is a type of user policy. By defining an application group, you
could restrict a vendor or contractor from using an application such as FTP. Application
traffic can be refined in the policy to permit or deny certain file types.
An application filter is an even further refinement of an application group. It blocks the
application based upon some action that the user performs. For example, a vendor may be
allowed to use FTP unless they attempt to upload any document that has the string
‘payroll’ in the filename.
Visualization
The internal analysis of what the user is doing with an application is called Visualization.
Without Visualization, administrators cannot tell what users are doing in the network.
Deep packet inspection and Visualization are integral to performing Layer 7 policies:
they are what allow you to control what is sent to OmniVista SafeGuard Manager when
there is a policy violation, and to monitor statistics by indicating the log option in
the filter action.
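The ‘payroll’ upload filter and the log option described above can be modeled as a decision over FTP control-channel commands. The following is an added example, not SafeGuard OS syntax or code from this guide; the class and function names, the 'vendor' role label, the sample session lines, and the choice to match the file's base name case-insensitively are all assumptions made for illustration.

```python
# Added illustration: models the filter decision only; this is not SafeGuard OS syntax.
from dataclasses import dataclass, field
import posixpath

UPLOAD_VERBS = {"STOR", "APPE", "STOU"}  # FTP commands that send a file to the server (RFC 959)

@dataclass
class FtpFilter:
    """Hypothetical model of an application filter on the FTP application group."""
    blocked_substring: str = "payroll"
    log: bool = True  # stands in for the log option in the filter action
    events: list = field(default_factory=list)

    def evaluate(self, role: str, line: str) -> str:
        """Return 'permit' or 'deny' for one FTP control-channel line."""
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb not in UPLOAD_VERBS:
            return "permit"  # logins, listings and downloads are not uploads
        # Assumption: match the file's base name, case-insensitively, so a
        # directory named /payroll/ does not trigger but PAYROLL.csv does.
        name = posixpath.basename(arg.strip().replace("\\", "/")).lower()
        if self.blocked_substring in name:
            if self.log:
                self.events.append(
                    {"role": role, "verb": verb, "file": arg.strip(), "action": "deny"})
            return "deny"
        return "permit"

# Constructed control-channel lines for a user in the assumed 'vendor' role.
SAMPLE_SESSION = [
    "USER vendor1",
    "RETR payroll_2023.xls",
    "STOR report.pdf",
    "stor /tmp/Q3_Payroll.xlsx",
    "STOR /payroll/notes.txt",
    "APPE PAYROLL.csv",
]

def run_session(lines, role="vendor"):
    """Apply the filter to each line; return (decisions, logged violation events)."""
    flt = FtpFilter()
    decisions = [flt.evaluate(role, line) for line in lines]
    return decisions, flt.events

if __name__ == "__main__":
    decisions, events = run_session(SAMPLE_SESSION)
    for line, decision in zip(SAMPLE_SESSION, decisions):
        print(f"{decision:6}  {line}")
    print(events)
```

The logged events are the part that depends on inspecting the application's commands: without parsing the verb and filename, the session is only visible as permitted FTP traffic.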
Configuring User Policies
Policy offers an enormous variety of configuration possibilities. This section describes the
coding and syntax for the basic policy commands and gives you guidance on the many
options available.
[Figure 11, Role Hierarchy. Role labels in the diagram: Authenticated, Engineering, Marketing, Finance, Hardware, Software, Asia-Pac, US. The diagram is annotated from "Least specific" to "Most specific".]