Configuring Infranet Enforcer Resource Access Policies (NSM
Procedure)
An Infranet Enforcer resource access
policy specifies which users are allowed or denied access to a set
of protected resources.
To configure Infranet Enforcer resource access
policies:
- In the NSM navigation tree, select Device Manager> Devices.
- Click the Device Tree tab,
and then double-click the Infranet Controller for which you want to
configure Infranet Enforcer resource access policies.
- Click the Configuration tab.
In the configuration tree, select UAC > Infranet Enforcer
> Resource tab.
- Add or modify settings for resource access policies
as specified in Table 1.
- Click one:
-
OK—Saves the changes.
-
Cancel—Cancels the modifications.
Table 1: Resource Access Policies Configuration Details
| Option | Function | Your Action |
|
Name
|
Specifies the resource access policy name.
|
Enter a name for the resource access policy.
|
|
Description
|
Describes the resource access policy.
|
Enter a brief description for the resource access policy.
|
|
Resources
|
Specifies the protocol, IP address, network mask, and
port of each resource for which this Infranet Enforcer resource access
policy applies.
|
Enter the protocol, IP address, network mask, and port
of each resource (or range of addresses) for which this Infranet Enforcer
resource access policy applies, one per line. Do not insert any spaces
in your entries. If you insert spaces, the policy may not be applied
correctly.
|
|
Applies to roles
|
Specifies the roles to which this policy is applicable.
|
- Select Policy applies to ALL roles to apply this Infranet Enforcer resource access policy to all users.
- Select Policy applies to SELECTED roles to apply this Infranet Enforcer resource access policy only to users
who are mapped to roles in the Selected roles list.
- Select Policy applies to all roles OTHER
THAN those selected to apply this Infranet Enforcer resource
access policy to all users except those who map to the roles in the
Selected roles list.
Note:
Select the policies from the Non-members list and click Add to move it to the Members list before applying
the policies to the roles.
|
|
Action
|
Specifies whether this Infranet Enforcer resource access
policy should allow or deny access to the specified resources.
|
- Select Allow access to allow access
to the specified resources.
- Select Deny access to deny access
to the specified resources.
Note:
If you choose to deny access, a text box appears that
allows you to customize the message for users.
If you want to record deny actions in the User Access Log, select
the Enforcer Deny Messages check box on the Log/monitoring
> User Access > Settings page. The log records the user, source IP,
destination IP, protocol, and destination port.
|
|
Applies to Enforcer options
|
Specifies the Enforcer options to which the policy is
applicable.
|
Select Enforcer Option to select the Enforcer policy options that you want to apply to
selected roles.
Note:
By default, all policy options are enabled on the Infranet
Controller. To enforce the policies, you must create corresponding
policies on the Infranet Enforcer. If the Infranet Controller is upgraded
from a previous version, all enforcer options are enabled for all
of the resource access policies that were available prior to the upgrade.
- Select All Enforcer Options to apply
to all enforcer options in the Enforcer Option dialog box.
- Select SELECTED Enforcer Options to
apply only the selected enforcer options from the Enforcer Option
dialog box.
- Select Enforcer options OTHER THAN those
selected to apply to the enforcer options that are not selected
in the Enforcer Option dialog box.
|
