User Guide
OmniAccess SafeGuard OS Administration Guide
351
Chapter 9: End Point Validation
Trigger Examples
In the following example, all Web traffic is redirected to the CPU.
(SafeGuardOS) #configure terminal
(SafeGuardOS) (config) #policy epv trigger
(SafeGuardOS) (policy-epv) #description “This is our standard trigger policy for
EPV.”
(SafeGuardOS) (policy-epv) #filter stdTrigger flow-out from any to any tcp 80
redirect-CPU
(SafeGuardOS) (policy-epv) #exit
(SafeGuardOS) (config) #exit
(SafeGuardOS) #
In the next example, TCP traffic coming from devices in a specific network range are
permitted without redirection.
(SafeGuardOS) #configure terminal
(SafeGuardOS) (config) #policy epv trigger
(SafeGuardOS) (policy-epv) #description “Trigger policy for CEO office, which is
exempt.”
(SafeGuardOS) (policy-epv) #filter CEOTrigger range 172.28.15.6 172.28.15 42 any
any permit
(SafeGuardOS) (policy-epv) #exit
(SafeGuardOS) (config) #exit
(SafeGuardOS) #
Enabling EPV
The EPV feature can be globally enabled or disabled on the SafeGuard device. EPV is
disabled by default. When enabled, EPV uses the configured trigger and bypass policies
for all authenticated and unauthenticated hosts. Posture policies are applied based on the
outcome of the validations.
action Specifies the action to be taken if the traffic
matches the preceding patterns. The
preferred options are to redirect to the CPU
or to permit the packet.
Action can be any of the following:
■ deny – drop the packet
■ permit – allows the packet without further
evaluation
■ redirect-CPU – redirect the packet to the
CPU
Note: The deny action can cause heavy
network traffic, so use with caution.