Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Infranet Controller Host Enforcer Policies (NSM Procedure)

    Host Enforcer is a stateful packet filter that is built into the Odyssey Access Client. You configure Host Enforcer policies on the Infranet Controller.

    To configure a Host Enforcer policy:

    1. In the NSM navigation tree, select Device Manager> Devices.
    2. Click the Device Tree tab, and then double-click the Infranet Controller for which you want to configure a Host Enforcer policy.
    3. Click the Configuration tab. In the configuration tree, select UAC > Host Enforcer.
    4. Add or modify Host Enforcer policy settings as specified in Table 1. Table 2 gives examples of specifying for a Host Enforcer policy.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.

    Table 1: Host Enforcer Policy Configuration Details

    OptionFunctionYour Action


    Specifies the Host Enforcer policy name.

    Enter a name for the Host Enforcer policy.


    Describes the Host Enforcer policy.

    Enter a brief description for the Host Enforcer policy.


    Specifies the traffic you want to allow or deny on the endpoints.

    Click collection-of-resources and add or modify resources, one rule per line using the following syntax:

    [<protocol>’://’]<host>[’/’<net-mask>]’:’ <DestinationPorts>[{{’:’<SourcePorts>]

    Applies to roles

    Specifies the roles to which this policy is applicable.

    • Select Policy applies to ALL roles to apply the Host Enforcer policy to all users.
    • Select Policy applies to SELECTED roles to apply the Host Enforcer policy only to users who are mapped to roles in the Members list.
    • Select Policy applies to roles OTHER THAN those selected to apply the Host Enforcer policy to all users except those who map to the roles in the Members list.

    Note: Select the policies from the Non-members list and click Add to move it to the Members list before applying the policies to the roles.


    Specifies whether you want this policy to allow or deny the traffic you specified for resources. For example, you can create a policy that denies outgoing TCP traffic for a particular role.

    Select this option.

    Table 2: Examples of Specifying Resources in a Host Enforcer Policy

    Specify This ProtocolTo Allow


    Outgoing TCP traffic on ports 21, 80, and 443 only.


    Incoming FTP traffic from on FTP server port 20 to all ports on the endpoint.


    Incoming UDP traffic from all IP addresses to all ports on the endpoint.


    Incoming and outgoing ICMP traffic from all IP addresses to all ports on the endpoint.

    Published: 2012-11-28