Alto BEXT 100H Guía de usuario descargar pdf (Pagina 169)

GlobalProtect Administrator’s Guide 163

GlobalProtect Quick Configs GlobalProtect for Internal HIP Checking and User-Based Access

GlobalProtect for Internal HIP Checking and User-Based

Access

When used in conjunction with User-ID and/or HIP checks, an internal gateway can be used to provide a

secure, accurate method of identifying and controlling traffic by user and/or device state, replacing other

network access control (NAC) services. Internal gateways are useful in sensitive environments where

authenticated access to critical resources is required.

In a configuration with only internal gateways, all clients must be configured with user-logon; on-demand mode

is not supported. In addition, it is recommended that you configure all client configurations to use single sign-on

(SSO). Additionally, because internal hosts do not need to establish a tunnel connection with the gateway, the

IP address of the physical network adapter on the client system is used.

In this quick config, internal gateways are used to enforce group based policies that allow users in the

Engineering group access to the internal source control and bug databases and users in the Finance group to

the CRM applications. All authenticated users have access to internal web resources. In addition, HIP profiles

configured on the gateway check each host to ensure compliance with internal maintenance requirements, such

as whether the latest security patches and antivirus definitions are installed, whether disk encryption is enabled,

or whether the required software is installed.

Figure: GlobalProtect Internal Gateway Configuration

1 2 ... 164 165 166 167 168 169 170 171 172 173 174 ... 177 178

Sin comentarios

Alto BEXT 100H Guía de usuario Pagina 169