User Guide
OmniAccess SafeGuard OS Administration Guide
345
Chapter 9: End Point Validation
the last two boxes (Require Integrity Secure Workspace and Require
Advanced Anti-keylogger) because Alcatel-Lucent does not support these
features. After being set in ICS, you should keep these settings in an optional
backup file in NVRAM or on a TFTP server. This procedure is described in
Backing Up and Restoring the ICS Gateway Configuration on page 355.
4 After the user receives notification of a healthy posture, they must keep the
browser window open. This is a CLI configurable option. The ICS agent that was
downloaded will perform a periodic rescan of the host.
Configuring EPV
Configuration for EPV involves configuring SafeGuard OS components and components
from Check Point Software Technologies Ltd. Details for configuring the ICS module of
Check Point Software are not described in this guide.
To configure ICS posture validation rules and the scan interval, see Chapter 4:
Administering Security Scanner Policies in the Integrity Clientless Security Administration
Guide.
To configure a SafeGuard device for EPV:
1 Configure policies for bypass and trigger. These policies are described in
Configuring EPV Policies on page 345.
2 Enable EPV. This step is described in Enabling EPV on page 351.
3 Configure DNS to ensure that ICS can perform client-side updates. These
commands are discussed in Configuring Domain Name Servers on page 77.
EPV has the flexibility to also allow:
■ Adding or Deleting Additional ICS Administrators
■ Backing Up and Restoring ICS Policies and Rules
■ Backing Up and Restoring the ICS Gateway Configuration
■ Tailoring Contact Information
These optional configuration steps are discussed in Optional EPV Configuration on
page 352.
Configuring EPV Policies
In an EPV policy, a set of rules are established that define the bypass conditions or trigger
events for the user. For both types of policies, filter statements are used to create the rules.
See the following sections for more details: