Client Encrypt
What can I do here?
Use this window to define User Encryption Action properties for the Rule. If the allowed location in the rule is different to the location allowed in the User Properties, the settings here take precedence.
Getting Here - Security Policies > Access Control > Policy (Traditional mode) > Action column > More > Client Encrypt > Edit
Understanding Client Encrypt
Users on remote clients can be required to authenticate before they can connect to servers behind the Security Gateway.
To require remote users to authenticate in a traditional mode policy, define a Client Encrypt rule.
| Source | Destination | Service | Action | Track |
|---|---|---|---|---|
| All_Users@alaska | Net_A | My_Services | Client Encrypt | log |
The table shows a typical remote access rule in a traditional mode Policy. User Access is defined in the Source column of the rule, and Client Encrypt in the Action column.
Client Encrypt - Options
- Source and Destination in the User Encryption Action Properties window have two options:
  - Intersect with User Database - Even when a user who authenticates successfully comes from a source or destination that the rule allows, the user is denied if the User Properties for that user do not allow this location.
  - Ignore User Database - Users who would otherwise be denied because of the allowed source or destination defined in the User Properties are allowed anyway, as long as they authenticate successfully.
- Apply Rule Only if Desktop Configuration Options are Verified controls Secure Client Verification for SecureClient connections. These connections can be either encrypted, for clients connecting via remote access, or unencrypted, where the SecureClient is on a LAN. If a user is successfully client-authenticated, they are only allowed access if the client machine is verified to be secure.
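The following added example (a model written for this page, not the gateway's or the vendor's code) works through how the options above combine for a single rule. The class and function names are hypothetical, the addresses are constructed, and it assumes the Intersect/Ignore choice is set separately for source and destination.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERSECT, IGNORE = "intersect", "ignore"  # the two options named on this page

@dataclass
class Locations:
    sources: tuple        # networks a connection may come from
    destinations: tuple   # networks a connection may go to

@dataclass
class ClientEncryptRule:      # hypothetical model of one Client Encrypt rule
    allowed: Locations
    source_mode: str = INTERSECT
    destination_mode: str = INTERSECT
    require_verified_desktop: bool = False  # "Apply Rule Only if Desktop Configuration Options are Verified"

def _inside(addr, networks):
    return any(ip_address(addr) in ip_network(n) for n in networks)

def _location_ok(addr, rule_nets, user_nets, mode):
    if not _inside(addr, rule_nets):
        return False                    # the rule itself does not allow this location
    if mode == IGNORE:
        return True                     # User Properties are not consulted
    return _inside(addr, user_nets)     # INTERSECT: rule and User Properties must both allow it

def decide(rule, user, src, dst, authenticated, desktop_verified):
    """Return (allowed, reason) for one connection attempt against this rule."""
    if not authenticated:
        return False, "authentication failed"
    if not _location_ok(src, rule.allowed.sources, user.sources, rule.source_mode):
        return False, "source not allowed"
    if not _location_ok(dst, rule.allowed.destinations, user.destinations,
                        rule.destination_mode):
        return False, "destination not allowed"
    if rule.require_verified_desktop and not desktop_verified:
        return False, "desktop configuration not verified"
    return True, "allowed"

# Constructed sample data (documentation address ranges, not taken from the page).
RULE_LOC = Locations(sources=("203.0.113.0/24",), destinations=("192.0.2.0/24",))
# The User Properties allow a narrower source range than the rule does.
USER_LOC = Locations(sources=("203.0.113.0/28",), destinations=("192.0.2.0/24",))
```

With these sample values, a user connecting from 203.0.113.200 is denied under Intersect with User Database and allowed under Ignore User Database, which is the practical difference to review before relaxing a rule.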