Configuring SCV Enforcement
The SCV Checks defined in the local.scv policy always run on the client.
To let the Security Gateway enforce access based on SCV results, configure the SCV settings on the Security Gateway.
For example, the Security Gateway can immediately block non-compliant clients from connecting to the LAN.
To configure SCV Enforcement for the Security Gateways:
- In SmartConsole, open Menu > Global Properties.
- Open Remote Access > Secure Configuration Verification (SCV).
- Select Apply Secure Configurations on Simplified Mode to enable the SCV feature.
  This causes the Security Gateway to verify client compliance.
- In the Upon Verification failure area, set the action of the Security Gateway if a client fails one or more SCV checks and is non-compliant.
  - Block client's connection
  - Accept and log client's connection
  If you block non-compliant clients, you can set up exceptions to allow the clients to download remediations.
- Make sure that there is at least one rule in the firewall Rule Base that has the Remote Access VPN community object in the VPN column.
- Click OK.
- Publish the changes.
Important - SCV does not work without the Desktop policy. See Configuring a Desktop Firewall Policy.

Note - There are additional sections in the Secure Configuration Verification (SCV) page: