manualshive.com logo in svg

M86 Security SWG, Руководство пользователя, Страница: 132 / 134

Поделиться
Скачать
M86 Security SWG Скачать руководство пользователя страница 132

S W G   U s e r   G u i d e

Chapter 21: Implementing Cloud Security

132

Note that 

Pending

 status displays cloud users who will get certificates after you click 

 

as opposed to 

Non

­

issued

 status, which displays cloud users who have not been issued a 

certificate.

b. Click the 

Filter

 button. 

This list of users, as filtered, is displayed below the filter row.

3. To manually issue a certificate to an uncertified user which makes the user a cloud user, click the 

 icon for the user and choose 

Issue

 

New

 

Certificate

.

4. To manage the certificates of a particular user, click the 

 icon for the user and choose the 

action to perform. Note the following points about possible actions:

Block

 

certificate

 is a temporarily blocks, but does not revoke a certificate. It is intended for 

use where a certificate is suspected of being compromised. If the certificate proves not to be 

compromised, you can unblock it via the 

Allow

 

certificate

 option; if the certificate has been 

compromised, you can permanently revoke it via the Revoke certificate option.

Revoke

 

certificate

 is permanent; it cannot not be reversed. Instead a new certificate would 

have to be issued via the 

Issue

 

new

 

certificate

 option, as described in 

Step 3

.

• The

 

Send

 

provisioning

 

email

 action re‐sends previously issued certificate information. This 

option is useful if the initial certificate was lost.

• You can export a user’s certificate to an external file via the 

Export

 

Certificate

 option.

5. To export all certificates for all users who have valid certificates, click the 

 

button at the bottom of the display. 

Â

To enable automatic certification of all new users in a group, and to prevent 

disabling of the Mobile Security Client

You can configure any User Group or LDAP Group so that all new users added to the group are auto‐

matically issued certificates. This is especially useful if you are dedicating the group to cloud users. 

You can also ensure the users in the group cannot disable the Mobile Security Client agent on their 

machines.
1. Display the list of user/LDAP groups as follows:

• For a regular user group, select 

Users

 

Æ

 

Users/User

 

Groups

.

• For an LDAP group, select 

Users

 

Æ

 

Authentication

 

Directories

 

Æ

 

LDAP

2. In the tree, select the group.
3. In the group definition screen, click 

Edit

.

4. To ensure that each 

new

 user added to the group automatically becomes a cloud user, that is 

issued a certificate, select the 

Issue

 

Mobile

 

Security

 

Client

 

Certificates

 

to

 

new

 

group

 

members

 checkbox. To issue certificates to all users who were in this group before you 

performed this configuration, see 

To manually issue or download certificates or emails at the 

Group level

.

NOTE:

 

This

 

step

 

is

 

not

 

necessary

 

for

 

new

 

users

 

added

 

to

 

a

 

User

 

Group

 

or

 

LDAP

 

Group

 

that

 

automatically

 

ensures

 

issuance

 

of

 

certificates

 

to

 

new

 

users.

 

For

 

more

 

information,

 

see

 

To 

enable automatic certification of all new users in a group, and to prevent disabling of the 

Mobile Security Client

.

 

This

 

step

 

is

 

necessary,

 

however,

 

for

 

users

 

who

 

belonged

 

to

 

the

 

group

 

before

 

it

 

was

 

so

 

config

­

ured,

 

and

 

for

 

users

 

in

 

such

 

a

 

group

 

whose

 

certification

 

has

 

been

 

revoked.

Содержание SWG

Страница 1: ...Secure Web Gateway SWG User Guide Release 10 2 0 Manual Version v 10 2 0 1...

Страница 2: ...ent However M86 Security makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose M86 Security shall not be l...

Страница 3: ...ltiple Windows 13 Relocating an Item in a Tree 13 Customizing the Management Console Toolbar 13 Using Keyboard Shortcuts 14 Chapter 2 Configuring Adding Scanning Servers 15 Configuring Device General...

Страница 4: ...Creating Configuring User Groups 33 Adding and Defining Users 35 Moving Users To a Different Group 36 Defining User Lists 36 PART 3 Configuring Advanced Network Settings 38 Chapter 5 Implementing Iden...

Страница 5: ...ining a Rule in a Logging Policy 58 Defining Conditions in a Logging Rule 59 Chapter 11 Configuring the Log Server 61 Configuring Log Server Settings 61 Chapter 12 Configuring Alerts 66 Assigning Aler...

Страница 6: ...Reports 86 Defining Report Schedules 86 Adding Report Shortcuts to the Favorites Folder 88 Viewing a Report s History 88 Exporting Reports 88 Chapter 17 Maintaining Your System 91 Performing Manual Ba...

Страница 7: ...ccess Lists 112 Configuring Transparent Proxy Mode 113 Scheduling Configuration And Security Updates for Scanning Server Device Groups 114 Implementing High Availability 114 Modifying LDAP Directory A...

Страница 8: ...led the Secure Web Gateway in your organization For installation instruc tions see the Secure Web Gateway Installation Guide you have set up the SWG using the Limited Shell For setup instructions see...

Страница 9: ...ge and License Installation Configuring The Mail Server Performing Basic Tasks in the Management Console Logging In and Logging Out Changing Your Password Committing Changes Working in Multiple Window...

Страница 10: ...word Change and License Installation When logging onto the Management Console for the first time 1 In your web browser enter https appliance IP address 2 If an alert message identifies a problem with...

Страница 11: ...Edit 3 To enable the sending of email ensure that the Enable Sending Email checkbox is selected 4 In the Hostname IP field specify the IP address or hostname of the SMTP Server you are using for examp...

Страница 12: ...displayed Login window enter the user name and password and click Login To log out of the Management Console 1 Click the Logout main menu option 2 At the confirmation prompt click OK Changing Your Pa...

Страница 13: ...click in the right corner of the tab Relocating an Item in a Tree Depending on the item and tree you can sometimes move an item to a different location in a tree To move an item to a different locati...

Страница 14: ...le 1 Keyboard Shortcuts Keyboard Shortcut What it does F2 Activates same as clicking Edit ESC Activates same as clicking Cancel Alt u Opens the Users menu Alt p Opens the Policies menu Alt s Opens the...

Страница 15: ...fferent Group Configuring Device General Settings Use the procedure to modify default settings and later after you have added devices to configure settings for specific devices To configure Device Gen...

Страница 16: ...yet defined you can perform the policy assignments later For instructions see Chapter 9 Assigning Policies To Devices 8 If you want to apply all default settings to existing devices right click Defaul...

Страница 17: ...ation changes will be committed and applied to the devices in the group You can choose between immediately upon commit specific interval in number of days at a specified time specific days of the week...

Страница 18: ...cause the Policy server is on a different device 5 Optionally add a description of the server 6 Optionally in the Access List tab define an Access List to limit access to specific IPs For more informa...

Страница 19: ...licy Defining Conditions in a Security Policy Rule Creating a Block Warn Message Editing a Message Template Chapter 4 Defining and Managing Users Setting Default User Policy Assignments Defining and M...

Страница 20: ...u can create policies from scratch Pre supplied security policies come in three security levels Basic Medium and Strict M86 also provides special purpose advanced Security policies for different users...

Страница 21: ...list type content that is for a URL Categorization or True Content Type list a Click Edit b Select the appropriate checkboxes in the list If displayed you can use the Select Deselect All checkbox c Cl...

Страница 22: ...olicy Definition is displayed in the main window 3 Enter a name for the policy 4 Add or modify the policy description as needed 5 When done click Save 6 Continue with Defining a Rule in a Security Pol...

Страница 23: ...diting End User Messages see Creating a Block Warn Message For Block actions only If the End User Message should not be displayed select the Do Not Display End User Message checkbox 4 To apply the rul...

Страница 24: ...rea above the list select whether the condition will apply to the items you check or to the items you do not check 6 Select the appropriate checkboxes in the list If the window displays a Select Desel...

Страница 25: ...ct Add Message 3 Type in the Message Name This field is mandatory 4 In the Message section enter the required message text 5 Use the Place Holders drop down menu to provide the end user with more info...

Страница 26: ...e message display a Place the cursor at the location in the preview where you want the element added b Select the element in the drop down list Element options include Back button Adds a Back button u...

Страница 27: ...you specify to which users the rule should apply and which users should be excluded from the application of the rule One of the methods for identifying these users is by defining User Lists which can...

Страница 28: ...t Master Policy usage 4 When done click Save 5 If you are ready to distribute and implement the changes in your system devices click Security Logging and HTTPS policies are automatically apply to all...

Страница 29: ...e General tab as follows 3 In the Base DN field enter the DNS domain component name for example dc M86security dc com 4 In the Address field specify the IP address or host name If the LDAP server does...

Страница 30: ...y definition f Select the Use Kerberos Authentication checkbox g Clear the Do not check configuration settings on next save checkbox h Skip to Step 12 11 If you do not want the connection to the serve...

Страница 31: ...figuring LDAP Group Settings NOTE Several LDAP Group parameters are relevant only if your site supports a Cloud in Internal mode In this case you must configure the cloud for instruction see Configuri...

Страница 32: ...DAP directory right click the LDAP directory and select Import Users To import LDAP Users into a specific LDAP group right click the LDAP group and select Import Users 3 If you are ready to distribute...

Страница 33: ...ment the changes in your system devices click Defining and Managing M86 Non LDAP Users This section contains the following topics Creating Configuring User Groups Adding and Defining Users Moving User...

Страница 34: ...the changes in your system devices click Assigning Policies to M86 Predefined User Groups SWG comes with the following predefined User Groups Cloud User Groups Blocked Cloud Users group and Revoked Cl...

Страница 35: ...o which the user will belong or the Independent Users node if the user will not belong to a group and select Add User The User Details screen is displayed in the main window To edit an existing use se...

Страница 36: ...d HTTPS policies should apply and to identify which users should be excluded from those rules User lists can contain LDAP Groups and Users and M86 User Groups and users To define a User List 1 Select...

Страница 37: ...ing Users If useful you can select clear the Select checkbox to select clear all items in the list and then adjust the selected items as needed 5 When done click Save 6 If you are ready to distribute...

Страница 38: ...uthentication Configuring Default and Scanning Server Authentication Chapter 7 Defining and Customizing Upstream Proxy Policy Defining an Upstream Proxy Policy Defining a Rule in an Upstream Proxy Pol...

Страница 39: ...ing an Active Directory Defining and Customizing Identification Policy M86 Security provides several predefined Identification Policies To set and customize Identification Policy 1 Decide which policy...

Страница 40: ...Select the Authentication Protocols Basic NTLM or Basic and NTLM ii Select the Authentication site The drop down list includes all customer Authentication domains defined in the Authentication Directo...

Страница 41: ...efined policy as the Identification Policy as follows a Select Administration System Settings M86 Devices b In the configuration tree at the right choose Scanning Server General c In the main screen a...

Страница 42: ...tion Method select the appropriate value Primary Backup or Load Balancer e For each Domain Controller do the following i Click the icon ii Fill in the Controller Name iii If the Authentication Server...

Страница 43: ...following procedure Configuring Default and Scanning Server Authentication Configuring Default and Scanning Server Authentication NOTE For instructions on configuring NTLM Authentication on Windows 7...

Страница 44: ...oken Reuse Number field specify the number of times a Challenge Token can be reused iii In the Challenge Token Lifetime field specify the time in seconds before SWG generates a new Challenge Token b I...

Страница 45: ...a computer name instead of a domain name e If an upstream proxy can and should authenticate users through the Secure Web Gateway system select the Forward Upstream Proxy Authentication checkbox In th...

Страница 46: ...lied Upstream Proxy Policy However you can duplicate such a policy and edit the duplicate you can also create an Upstream Proxy policy from scratch To define an Upstream Proxy Policy 1 Select Policies...

Страница 47: ...S W G U s e r G u i d e 47 Chapter 7 Defining and Customizing Upstream Proxy Policy 6 Continue with Defining a Rule in an Upstream Proxy Policy...

Страница 48: ...xisting rule right click the existing rule and select Insert Rule The main window displays the Rule Definition screen 3 Enter a name for the rule 4 Provide a description of the rule This description i...

Страница 49: ...d select the type of condition in the drop down list The list contains the following Condition types Header Fields limits direct internet access according to header name and value IP Range limits dire...

Страница 50: ...d But you can use Caching policies to bypass caching or to determine which URLS or File extensions are cached This chapter contains the following procedures Enabling Caching Defining a Caching Policy...

Страница 51: ...S W G U s e r G u i d e 51 Chapter 8 Enabling and Customizing Caching 6 If you are ready to distribute and implement the changes in your system devices click...

Страница 52: ...in a Caching Policy If you duplicated a policy it already has the same rules as were found in the original policy You can edit these rules You can also create new rules from scratch To define a rule i...

Страница 53: ...the Policy tree expand the relevant policy and rule For instructions on displaying the Policy tree see Step 1 in the procedure To define or duplicate and edit a Caching Policy 2 Do either of the foll...

Страница 54: ...es to Specific Devices Setting Device Policy Defaults To assign device default policies 1 Select Administration System Settings M86 Devices 2 In the M86 Devices tree expand the Devices root note and s...

Страница 55: ...Settings M86 Devices 2 In the M86 Devices tree expand the Devices root note and select devices_group device_ip Scanning Server General 3 In the main window click Edit 4 In the Device Policies tab set...

Страница 56: ...res Chapter 10 Defining and Customizing Logging Policy Defining a Logging Policy Defining a Rule in a Logging Policy Defining Conditions in a Logging Rule Chapter 11 Configuring the Log Server Configu...

Страница 57: ...not edit a pre supplied Logging Policy However you can duplicate such a policy and edit the duplicate you can also create a Logging policy from scratch To define a Logging Policy 1 Select Policies Log...

Страница 58: ...Rule checkbox ensure that the checkbox is appropriately selected or cleared depending on whether or not the rule should be enabled after being committed d In the Send To area check the locations to w...

Страница 59: ...b In the Condition Name field select the type of condition in the drop down list For any selected condition type except Malware Entrapment Profile the window displays an appropriate checkbox list For...

Страница 60: ...following a To change the Security level setting slide the sliding button to the appropriate value for example Basic or Strict For information about the level click the relevant level link for example...

Страница 61: ...formation to the Syslog file and or send Scanner information to an Archive zip file This chapter contains the following topic Configuring Log Server Settings Configuring Log Server Settings This task...

Страница 62: ...changes in your system devices click Configuring Log Relays and their schedules NOTE This procedure is relevant only if your site is using multiple scanning servers By default the Log server collects...

Страница 63: ...er Legacy Empty fields will not be shown in Syslog messages Standard Empty fields will be shown in Syslog messages ArcSight For sites using the external ArcSight sever If you choose this option you mu...

Страница 64: ...ore details on each format see the Management Console Reference Guide 3 To have the Archive location tested when you save the definition select the Test Archive Loca tion on Save checkbox Otherwise en...

Страница 65: ...nt Devices Group then the default IP node then Log Server and then Log Properties 3 Click Edit The main window is opened for editing 4 Click the Log Archiving tab 5 In the Log Archiving Location area...

Страница 66: ...t Types To Assign Alert Channels to Event Types 1 Select Administration Alerts Alert Settings The Alert Settings window is displayed 2 Click Edit 3 For each type of Event check the type of alert notif...

Страница 67: ...heckboxes optionally specify up to three possible destination servers Note If the device is set up to query a Domain Name System DNS server you are permitted to specify a host name instead of an IP ad...

Страница 68: ...itoring select the Use SNMP MIB Monitoring Information checkbox Otherwise fill in a Security name Security level Authentication Protocol Authentication key and Encryption key for SNMP Traps The same a...

Страница 69: ...r which the percentages should be measured alert clearing percentage amount of blocked incoming traffic as a percentage of total incoming traffic below which the alert will be cleared and it must be l...

Страница 70: ...Chapter 14 Viewing Logs Viewing Logs Creating Editing and Managing Log Profiles Viewing Transaction Details Web Log only Chapter 16 Viewing and Working With Reports Running and Viewing Reports Creati...

Страница 71: ...ormation The values you select affect the other graphs displayed in the window Alternatively you can adjust the time period by moving the period slider that appears in a number of graphs The time peri...

Страница 72: ...inistration System Settings M86 Devices In the configuration tree click the device Information is displayed in the Status tab Logs Web System and Audit See Viewing Logs See Viewing Logs Scanning Engin...

Страница 73: ...ontains the following topics Viewing Logs Creating Editing and Managing Log Profiless Viewing Transaction Details Web Log only Viewing Logs To view a log 1 Choose Logs and Reports View logtype The log...

Страница 74: ...t profile and several have other profiles pre supplied with the SWG application but you can define additional profiles To create or edit a log profile 1 Select Logs and Reports Log Profiles View logty...

Страница 75: ...it is displayed Otherwise right click the icon of the row and choose Delete Filter 6 Click Save To delete a profile 1 If the Profiles tree is not displayed display it by selecting Logs and Reports Log...

Страница 76: ...ansaction Entry details window contains a number of tabs transaction user policy and so on that displays information related to the transaction For an explanation of the information displayed in the t...

Страница 77: ...ing To configure ICAP Service module defaults choose Devices Default Values Device Settings ICAP Service To configure ICAP Service settings for a specific non cloud scanning server choose device_group...

Страница 78: ...rd Policy rules This section contains the following topics Configuring the ICAP Client Defining ICAP Service Groups Defining ICAP Services Defining an ICAP Forward Policy Configuring the ICAP Client T...

Страница 79: ...vice Group 1 Select Policies Condition Settings ICAP Service Groups 2 Do either of the following To create an ICAP Service Group right click the ICAP Service Groups root node and choose Add Group The...

Страница 80: ...hoose Add Service The main window for defining the ICAP Service is displayed To edit an existing ICAP Service select the service node and in the main window click Edit The ICAP Service window is displ...

Страница 81: ...eviously created from scratch or created by dupli cating select the policy in the tree and then in the main window click the Edit button The Policy Definition is displayed in the main window 3 Enter a...

Страница 82: ...inue as if nothing happened Fail close In case of any ICAP conversation failure fail the HTTP transaction 8 Click Save 9 To make rule triggering conditional continue with Defining Conditions in an ICA...

Страница 83: ...op down list For any selected condition type the window displays an appropriate checkbox list For detailed information on condition types and the particular items in a condition list see the Managemen...

Страница 84: ...e you can find it there For instructions on adding a report to the Favorites folder see Adding Report Shortcuts to the Favorites Folder 3 Right click the report in the tree or Favorites folder and cho...

Страница 85: ...abs General Columns and Filters 3 In the General tab define the general details about the report name description and format in the View As field 4 In the Columns tab select the data columns that shou...

Страница 86: ...rt When you define the schedule you can also modify which columns are displayed and the filtering criteria as part of the schedule When you define a schedule for a report it appears in the tree under...

Страница 87: ...ter for example Equals Note that the Operator drop down list varies according to the selected filter type Depending on your selections the Value field displays either a drop down list or a blank field...

Страница 88: ...ites folder and click Remove from Favorites Viewing a Report s History The history of scheduled report runs is automatically saved You can also save the history of a report that you run on demand by r...

Страница 89: ...xported Reports Location as described below in To define the Exported Reports Location To define the Exported Reports Location 1 Navigate to Logs and Reports Reporting Tool Exported Reports Location T...

Страница 90: ...ocation must include the server IP address and directory for your selected location in the following format server_ip_address dir for example 192 168 1 10 backup User to connect with must include the...

Страница 91: ...nually backup your system NOTE Before performing backup ensure that the backup settings have been configured For instructions see Configuring Backup Settings 1 Select Administration Rollback Backup No...

Страница 92: ...K in response to the Confirmation prompt The Reports data will be restored to the system 5 To verify that the operation was successful check the System log Viewing and Installing Updates In the Update...

Страница 93: ...local location containing the updates provided by M86 iii Click Import 3 To view relevant details about an update click the icon next to the update 4 To install an update click next to the update and...

Страница 94: ...e 1 Select Administration Export Import Export The File Download message appears 2 Click Save and choose the location to save this file To import policies rules and conditions from an exported databas...

Страница 95: ...t window is displayed 3 Select the desired action To leave the original conditions unchanged choose Leave original To overwrite the existing condition with the imported condition of the same name choo...

Страница 96: ...ning a Rule in a Device Logging Policy Configuring Default and Device Specific Access Lists Configuring Transparent Proxy Mode If you are ready to distribute and implement the changes in your system d...

Страница 97: ...S W G U s e r G u i d e 97 PART 6 Performing Advanced Configuration Defining an ICAP Forward Policy...

Страница 98: ...tomatically placed in a group called the RADIUS Default Group If your site has implemented Master Policy usage you can also assign a Master Policy to the Administrator Group This chapter contains the...

Страница 99: ...dministrator In the tree pane select the Administrator Group to which the Administrator should be added and click the icon Alternatively you can right click the administrator group and choose Add Admi...

Страница 100: ...lds the screen displays either a table of object types objects or a set of two radio button options The first option keeps the default permissions the second option lets you change the permissions 5 I...

Страница 101: ...column 5 Repeat as necessary 6 Click Save 7 If you are ready to distribute and implement the changes in your system devices click Configuring RADIUS Server Authentication You configure RADIUS Server A...

Страница 102: ...string to authenticate the client and the server 10 Select a number from the Retry Limit drop down menu For example retry limit is 6 times 11 Select a number from the Retry Interval drop down menu to...

Страница 103: ...tribute and implement the changes in your system devices click Scheduling Configuration And Security Updates for Scanning Server Device Groups Implementing High Availability Modifying LDAP Directory A...

Страница 104: ...4 Depending on the action that you want to perform a Enter the number of the main configure_network option b At each successive prompt enter the expected information for example item number or specifi...

Страница 105: ...ayed asking you if you would like to change the time configuration 3 Enter y to change the time configuration The screen displays a number of Time and Date config uration options 4 Enter 3 the option...

Страница 106: ...tab is displayed 4 In the Console Timeout field set the number of idle minutes that will result in the current session timing out 5 If the administrator should be required to provide a relevant commen...

Страница 107: ...ate and select Import Certificate in the drop down menu The Import Digital Certificate screen is displayed in the main window 3 Browse to the required file location and then Import the file making sur...

Страница 108: ...to connect to the Backup file storage location FTP connect using regular File Transfer Protocol FTP Passive connect using File Transfer Protocol where there is a firewall located between the Policy Se...

Страница 109: ...lled Note that if the Internet connection is blocked for the SWG appliance you can still receive updates by routing them through a proxy To configure automatic Update Handling 1 Select Administration...

Страница 110: ...e Policies root node in the tree and choose Add Policy To duplicate a Device Logging policy right click the policy in the tree that you want to dupli cate and choose Duplicate Policy To edit a Device...

Страница 111: ...continue with 9 To define additional rules in this policy repeat this procedure 10 If you are ready to distribute and implement the changes in your system devices click To define conditions in a Devi...

Страница 112: ...controlling which device IPs have access to the SWG system It is recommended that you use the procedure to modify default settings and later after you have added devices to configure settings for spe...

Страница 113: ...evice_group device_ip Scanning Server General 3 In the main window click Edit 4 Select the Transparent Proxy Mode tab 5 Select the Enable Transparent Proxy Mode checkbox 6 Specify the FTP HTTPS and HT...

Страница 114: ...ices in the group You can choose between Immediately upon commit Specific interval in number of days at a specified time Specific days of the week at a specified time Specific day of the month at a sp...

Страница 115: ...Save 5 Optionally specify a virtual device IP which will automatically route to whichever Policy Server is active at any given time as follows a In the tree pane select Management Devices Group b In...

Страница 116: ...rectory The attribute types are follows ImemberOf Attribute Means that each user has zero or more memberOf attributes each specifying a group to which the user belongs member Attribute Means that each...

Страница 117: ...define an HTTPS Policy 1 Select Policies HTTPS 2 Do one of the following To create a policy from scratch right click the Policies root node in the tree and choose Add Policy To duplicate an HTTPS pol...

Страница 118: ...e rule The description is optional c If the rule has an Enable Rule checkbox ensure that the checkbox is appropriately selected or cleared depending on whether or not the rule should be enabled after...

Страница 119: ...tions in an HTTPS Rule To define conditions in an HTTPS Rule 1 In the Policy tree expand the relevant policy and rule For instructions on displaying the Policy tree see Step 1 in the procedure To defi...

Страница 120: ...rt value in the HTTPS Service tab 6 If other configuration adjustments are needed in any of the tabs perform them For information on the fields in each tab see the Management Console Reference Guide 7...

Страница 121: ...the default c In the Certificate field paste the Certificate Public key d In the Private Key field paste the Private Key e Fill in the Password f Click OK Then continue with Step 3 3 Propagate the ce...

Страница 122: ...ly from user computers running the M86 Mobile Security Client or specifically defined proxy servers for example in remote offices Cloud Scanners can be run on a number of different platforms and altho...

Страница 123: ...tificate management creation and signing In Internal mode you designate which users are cloud users and manage users certificates and certification status You can also designate specific User Groups a...

Страница 124: ...will listen and to which all clients will connect b In the Client Side area do the following i In the Local Control Port field specify the port to which the client uses to perform control activities s...

Страница 125: ...network this name must be resolvable to the Internal Hostname IP which is specified in the next sub step When the user is outside the corporate network this name should not be resolvable to the Intern...

Страница 126: ...proxy add it to the bypass list as follows i Click the icon ii In the opened detail line specify the Network IP and Network Mask iii To delete a network bypass right click the icon and choose Delete...

Страница 127: ...lly download and modify the PAC file for later distribution Configuring Cloud Settings in PKI Mode NOTE Before configuring cloud settings ensure that you have added the needed cloud scanning servers F...

Страница 128: ...specify the client side port number used to uniquely identify a specific cloud proxy or cloud based load balancer for HTTP e In the Local Client HTTPS Port field specify the client side port number u...

Страница 129: ...tes a Server Certificate iii Open the certificate in a text editor for example Notepad and copy the certificate iv Click the Import CSR based Server Certificate button v In the displayed Certificate f...

Страница 130: ...In the EKU field specify the OID provided by the domain administrator 9 Define Certificate Revocation List handling in the CRL Handling tab as follows a Specify the location of the Certificate Revocat...

Страница 131: ...for certification you can make a group level request to issue certificates to all non provisioned users in the group You can also at the group level download all certificates issued to provisioned us...

Страница 132: ...on 5 To export all certificates for all users who have valid certificates click the button at the bottom of the display To enable automatic certification of all new users in a group and to prevent dis...

Страница 133: ...ration 1 Display the list of user LDAP groups as follows For a regular user group select Users Users User Groups For an LDAP group select Users Authentication Directories LDAP 2 In the tree do any of...

Страница 134: ...ngs M86 Devices 4 If the device that you are defining as a private cloud scanner is currently defined as a local scanner delete the device from the Device list by right clicking the device and choosin...

Отзывы:

Нет отзывов