User Guide
OmniAccess SafeGuard OS Administration Guide
Chapter 9: End Point Validation
■ Creating Global Bypass Policies
■ Configuring a Trigger Policy
Creating Global Bypass Policies
Use a global bypass policy to define users who are not required to have their virus and
system software checked on a regular basis. Global bypass policies are useful for filtering
users with specific roles that do not require posture checking. Also use the global bypass
policy to allow LDAP access for passive authentication. For example, you might have an
employee temporarily using a personal machine for a project. In this case, you would
want to allow the employee to authenticate and go through role assignment with user
policies, but would not want to check software levels. If you want role-based EPV,
configure it by using bypass policies.
To create a bypass policy:
1 Use the Global Configuration command, policy epv bypass, to enter the
policy-epv submode. This command does not have any options or parameters. For
example:
(SafeGuardOS) #configure terminal
(SafeGuardOS) (config) #policy epv bypass
(SafeGuardOS) (policy-epv) #
2 Add a description of the policy, using the description keyword. This step is
optional, but is recommended. Strings are entered in double quotation marks. For
example:
(SafeGuardOS) (config) #policy epv bypass
(SafeGuardOS) (policy-epv) #description "This is our standard bypass policy."
(SafeGuardOS) (policy-epv) #
3 Define a filter for each rule and an action to execute. The syntax of an EPV bypass
filter is:
filter name {direction} from source to destination protocol bypass
Syntax Description

name        Name of the user filter.

direction   Specifies the direction in which a flow is initiated.
            Direction can be any of the following:
            ■ flow-in – apply to flows initiated from the user-side of the
              SafeGuard device
            ■ flow-out – apply to flows initiated from the network-side of
              the device
            ■ (Default) blank, which applies to flows in either direction
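
Because every bypass filter exempts traffic from posture checking, it helps to review saved policy-epv sessions for filters that omit the direction keyword and therefore apply to flows in either direction. The script below is an added example, not part of the original guide; it assumes source, destination and protocol are each a single token, and the sample session (filter names, SRC_x/DST_x/PROTO_x placeholders) is constructed.

```python
import re

# Grammar from the guide:
#   filter name {direction} from source to destination protocol bypass
# Assumption: source, destination and protocol are single whitespace-free tokens.
FILTER_RE = re.compile(
    r"^filter\s+(?P<name>\S+)"
    r"(?:\s+(?P<direction>flow-in|flow-out))?"
    r"\s+from\s+(?P<source>\S+)\s+to\s+(?P<destination>\S+)"
    r"\s+(?P<protocol>\S+)\s+bypass$"
)
# Strips prompts such as "(SafeGuardOS) (policy-epv) #" from a captured session.
PROMPT_RE = re.compile(r"^\(SafeGuardOS\)\s*(?:\([^)]*\)\s*)?#\s*")

def parse_bypass_filters(text):
    """Return (filters, rejected): parsed filter lines and lines that break the grammar."""
    filters, rejected = [], []
    for raw in text.splitlines():
        line = PROMPT_RE.sub("", raw.strip())
        if line.split()[:1] != ["filter"]:
            continue  # description, mode changes, blank lines
        match = FILTER_RE.match(line)
        if match is None:
            # e.g. a mistyped direction keyword; never treat it as "blank"
            rejected.append(line)
            continue
        entry = match.groupdict()
        entry["direction"] = entry["direction"] or "either"  # blank is the default
        filters.append(entry)
    return filters, rejected

def either_direction(filters):
    """Names of filters that bypass EPV for flows initiated from both sides."""
    return [f["name"] for f in filters if f["direction"] == "either"]

# Constructed sample session; placeholder tokens stand in for real values.
SAMPLE = """\
(SafeGuardOS) (config) #policy epv bypass
(SafeGuardOS) (policy-epv) #description "This is our standard bypass policy."
(SafeGuardOS) (policy-epv) #filter contractors flow-in from SRC_A to DST_A PROTO_A bypass
(SafeGuardOS) (policy-epv) #filter ldap-passive from SRC_B to DST_B PROTO_B bypass
(SafeGuardOS) (policy-epv) #filter printers flow-out from SRC_C to DST_C PROTO_C bypass
(SafeGuardOS) (policy-epv) #filter typo flow-both from SRC_D to DST_D PROTO_D bypass
"""

if __name__ == "__main__":
    parsed, bad = parse_bypass_filters(SAMPLE)
    print("either-direction bypass filters:", either_direction(parsed))
    print("lines that do not match the filter grammar:", bad)
```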










