User Guide

OmniAccess SafeGuard OS Administration Guide
323
Chapter 7: Establishing a Security Policy
(SafeGuardOS) (config) #policy user policySshTelnetWinNY
(SafeGuardOS) (policy-user) #filter f1 from any to any application-group agSshTelnetWinNY deny log precedence 20
(SafeGuardOS) (policy-user) #exit
(SafeGuardOS) (config) #exit
(SafeGuardOS) #
Overriding System Policies with a User Policy
In the rare case where it is necessary to temporarily override a system policy, create an
override policy. These policies have a higher ranking than system policies and are
executed after malware policies. For more information on the ranking of policies, see
Policy Enforcement on page 299.
The policy override command follows the same syntax as the policy user command; see
Defining and Applying User Policies on page 314 for further details.
EPV Policies
End point Posture Validation (EPV) is a component of SafeGuard OS that verifies that an
end user’s system and virus software is current. EPV uses policies as the enforcement
agent to determine whether the user needs to have their machine scanned for current
software levels or whether the user can bypass examination. There are two required EPV
policies: trigger and bypass.
The trigger policy determines which packets need checking and what to do with
those packets until EPV is complete.
The bypass policy defines users and resources that do not require checking. For
example, you might want to put an IP-enabled printer in the bypass policy.
For a full discussion of EPV and how to configure the EPV policies, see End Point
Validation on page 341.
Configuring Policy-Based Mirroring
SafeGuard OS supports both port-based mirroring and policy-based mirroring. Port-based
mirroring copies all traffic from a port onto a destination port. Port-based
mirroring is further discussed in Understanding Mirroring and Monitoring Ports on page 91.
Policy-based mirroring is a refinement of port-based mirroring. Policy-based mirroring
allows you to specify mirroring at the rule level of a policy. When you specify the
keyword mirror on the filter statement of a user or malware policy, only the traffic
matching that user or malware policy is mirrored to the destination port. See also
Configuring the Rules on page 316.