User Guide
OmniVista SafeGuard Manager Administration Guide
110
Chapter 5: Device Configuration
whether a user’s machine is scanned (checked) or whether the user is allowed to
bypass the check. EPV policies cannot be assigned to a role.
Traffic Flow
Unlike competitive products, Alcatel-Lucent devices are not packet-based or packet-
based control mechanisms. Instead, the system initiates policy enforcement on TCP
connections or groupings of UDP packets. These connections are called flows. The upper
physical ports of the Alcatel-Lucent devices are called the network side of the device and
the lower physical ports the host side. In the default policy configuration, you express a
policy from the host side perspective, but the policy is applied to traffic in both directions.
This bidirectional behavior is unlike traditional Access Control Lists (ACLs) that require
explicit CLI configuration for each direction.
However, there are occasions when you want to control a flow from the network side of
the device. You can change the flow direction using the flow-in and flow-out attributes in
the Filter Direction field when defining policy filters. For more information on traffic
filters, see Tab le 25.
NOTE: Only Malware and User policies can be assigned to a role. For
more information on roles, see Roles.
&67B
+RVW%
'HVW3RUW
+RVW%
6UF3RUW
1HWZRUN
VLGH
+RVW
VLGH
6DIH*XDUG26
7UDIILFLVLQLWLDWHG
IURP+RVW$
RQ+RVWVLGH
)ORZRXWH[DPSOH
+RVW$
6UF3RUWDQ\
+RVW$
'HVW3RUWDQ\
+RVW$
'HVW3RUW
+RVW$
'HVW3RUW
1HWZRUN
VLGH
+RVW
VLGH
6DIH*XDUG26
7UDIILFLVLQLWLDWHG
IURP+RVW%
RQ1HWZRUNVLGH
)ORZLQH[DPSOH
+RVW%
6UF3RUWDQ\
+RVW%
6UF3RUWDQ\