Policy Management
zGateway has increased productivity for today’s enterprise by enabling more users to gain wider access by virtually connecting to private networks. But while broader access clearly enhances productivity, it also inherently widens network exposure to uncontrolled environments. For Example: If a remote client machine is infected with virus/worms/Trojans/spy-wares, this unwanted traffic is also sent to private network over secured connection. To effectively control these risks, it is no longer enough to manage access by user identity alone. The safety of the user’s end point environment must also be ensured, and enforce access policy based upon solid end point protection.
Host Scan policies enable scanning the endpoints for specified 3rd party products or information.
With zGateway you can create following type of policies:
· Antivirus based
· Antispyware based
· Firewall based
· MAC Address based
· IP Address based
These policies can be then linked with the security profiles described in later section (Device Profile Management).
NB: Endpoint Security is a licensable option on top of zGateway User License. You have to purchase a valid Endpoint License in order to enable this feature within zGateway. Endpoint Security is disabled for Security officers and Administrator logons.
Endpoint Security can only be enabled once you have created a device profile.
CREATE HOST SCAN POLICY
· On the VPN management console, expand Endpoint Management and then choose Host Scan Policies. Click on the Add button.
- Policy Name: Policy identifier.
· Policy Type: Select Policy Type.
· Policy Description: Enter Policy description.
ADD PRODUCT POLICY
AmZetta VPN Administrator can create following type of product Policies: Antivirus, Antispyware, Firewall, and MAC
Address and IP Address.
The link under Sub-policy on Create Policy screen automatically changes on the basis of Policy Type selection. Considering Antivirus policy type is selected. In the Create Policy screen or the Modify Policy screen, click on the Add Antivirus Product Policy link. The Add Antivirus Product Policy screen appears.
MODIFY POLICY
On the VPN management console, expand Endpoint Management > Host Scan Policies.
· Type the policy name in the Search Policies field. If entering multiple names, separate names with a comma. Type [*] to view all policy names.
· Click Show to view the search results.
· Click on the check box for the policy you want to edit and click Modify. The Modify Policy screen appears. Modify policy details as needed. Refer to Create Policy section while making the entries.
· Click Submit to save changes or click Cancel to cancel the changes made.
DELETE POLICY
· In the Edit Policy screen described above, click on the box for the Policies you want to delete. To select all policies, click on the Check all check boxes below the table.
· Click Delete to delete the selected policies.
· When prompted for deletion confirmation, click OK to delete the policies or click Cancel to abort.
NB: Policy for the Antispyware and Firewall products can be created in the same manner as Antivirus product policy.
Now considering MAC Address policy type is selected. In the Create Policy screen or the Modify Policy screen, click on the Add MAC Address Policy link. The Add MAC Address Policy screen appears.
- MAC Address Policy Name: Enter name of Policy.
· Allow/Block: Select one if you want to allow/block any of the specified MAC Address.
· MAC Addresses: Click on Add button to add MAC Addresses. Following screen appears.
- Click on Submit, the MAC address will appear on previous page under MAC Addresses.
· Click Submit on previous page to save changes or click Reset to reset the changes made.
· MAC policy will appear on Create Policy page.
NB: Policy for the IP Address can be created in the same manner as MAC Address policy.