If you would like to control administrator access to the ProxySG Management Console and CLI, you can create policy to configure administrator access privileges.
Using policy rules, you can require administrators to identify themselves by entering a username and password and specify whether read-only or read-write access is given. You can make this policy contingent on IP address, user name, group membership (if credentials were required), and many other conditions.
This solution assumes you have already configured users and groups for authentication (using RADIUS, LDAP, Microsoft Active Directory, or other authentication servers) and created a realm on the ProxySG to connect to these servers.
Procedure to follow
To create policy for ProxySG administrator access:
1. Launch the Visual Policy Manager.
2. Create an Admin Authentication layer (Policy > Add Admin Authentication Layer ).
3. In the Admin Authentication layer, specify the authentication realm that will be used to authenticate administrative users of the ProxySG:
* Right-click in the Action column and choose Set.
* Select New > Authenticate.
* Select the authentication mode and realm. (See ProxySG Authentication Modes.)
* Close the dialogs.
4. Create an Admin Access layer (Policy > Add Admin Access Layer).
5. In the Admin Access layer, define who is allowed to access the ProxySG:
* Right-click in the Source column and choose Set.
* Select New.
* Select the entity (for example, Client IP address/subnet, User, Group) and configure the specifics.
* Close the dialogs.
6. Specify the type of administrator read/write access:
* Right-click the Action column and select Allow Read-only Access or Allow Read/Write Access.
7. By default, the policy applies to any service (HTTP/HTTPS in the Management Console and SSL in the CLI). If you want to control access to just the MC or just the CLI:
* Right-click in the Service column and choose Set.
* Select New > Service Name.
* Select the service you want the rule to apply to (HTTP-Console, HTTPS-Console, or SSH-Console).
* Close the dialogs.
8. Install the policy.
Using policy rules, you can require administrators to identify themselves by entering a username and password and specify whether read-only or read-write access is given. You can make this policy contingent on IP address, user name, group membership (if credentials were required), and many other conditions.
This solution assumes you have already configured users and groups for authentication (using RADIUS, LDAP, Microsoft Active Directory, or other authentication servers) and created a realm on the ProxySG to connect to these servers.
Procedure to follow
To create policy for ProxySG administrator access:
1. Launch the Visual Policy Manager.
2. Create an Admin Authentication layer (Policy > Add Admin Authentication Layer ).
3. In the Admin Authentication layer, specify the authentication realm that will be used to authenticate administrative users of the ProxySG:
* Right-click in the Action column and choose Set.
* Select New > Authenticate.
* Select the authentication mode and realm. (See ProxySG Authentication Modes.)
* Close the dialogs.
4. Create an Admin Access layer (Policy > Add Admin Access Layer).
5. In the Admin Access layer, define who is allowed to access the ProxySG:
* Right-click in the Source column and choose Set.
* Select New.
* Select the entity (for example, Client IP address/subnet, User, Group) and configure the specifics.
* Close the dialogs.
6. Specify the type of administrator read/write access:
* Right-click the Action column and select Allow Read-only Access or Allow Read/Write Access.
7. By default, the policy applies to any service (HTTP/HTTPS in the Management Console and SSL in the CLI). If you want to control access to just the MC or just the CLI:
* Right-click in the Service column and choose Set.
* Select New > Service Name.
* Select the service you want the rule to apply to (HTTP-Console, HTTPS-Console, or SSH-Console).
* Close the dialogs.
8. Install the policy.
1 comment:
This is a copy of the bto bluekoat site
Post a Comment