Location-Based Policies
Location-based policies add location awareness support for the Desktop Firewall using these policies:
- Connected Policy - Enforced when:
  - VPN is connected.
  - VPN is disconnected and Location Awareness determines that the endpoint computer is on an internal network. The Connected Policy is not enforced "as is" but modified according to the feature's mode (the disconnected_in_house_fw_policy_mode property).
- Disconnected Policy - Enforced when the VPN is not connected and Location Awareness sees that the endpoint computer is not on an internal network.
Location-Based Policies for Desktop Firewall are disabled by default. Do these procedures to enable Location-Based Policies.
Note - Make sure that the Location Awareness feature is enabled and is working correctly.
Location Awareness Policy Configuration
This release introduces two new properties in client configuration:
- disconnected_in_house_fw_policy_enabled - Defines if the feature is enabled or disabled.
  Possible values are:
  - true - enabled
  - false - disabled (default)
- disconnected_in_house_fw_policy_mode - Defines which policy will be enforced after Location Awareness detection.
  Possible values are:
  - encrypt_to_allow - Connected policy will be enforced, based on last connected user. Encrypt rules will be transformed to Allow rules (default).
  - any_any_allow - "Any - Any - Allow" will be enforced.
To enable Location Awareness for desktop firewall:
- On a gateway, open $FWDIR/conf/trac_client_1.ttm.
- Add the disconnected_in_house_fw_policy_enabled entry to the file:

      :disconnected_in_house_fw_policy_enabled (
          :gateway (disconnected_in_house_fw_policy_enabled
              :default (true)
          )
      )

- Save the file and install the policy.
To configure the location based policy:
- On a gateway, open $FWDIR/conf/trac_client_1.ttm.
- Add the disconnected_in_house_fw_policy_mode entry to the file:

      :disconnected_in_house_fw_policy_mode (
          :gateway (disconnected_in_house_fw_policy_mode
              :default (encrypt_to_allow)
          )
      )

- Save the file and install the policy.
Note - It is highly recommended to configure default values for these properties in trac_client_1.ttm for all gateways.
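
A check that can be run after editing the file, as an added example that is not vendor tooling: it reads the two properties from a .ttm file, validates them against the values listed above, and flags any_any_allow for review because that mode enforces "Any - Any - Allow". The function names ttm_default and audit_lbp are hypothetical, and treating a missing entry as the documented default is an assumption.

```shell
# Added example (not vendor code): audit the two Location-Based Policy
# properties in a trac_client_1.ttm-style file.

# Print the :default value of property $2 in file $1 (nothing if absent).
ttm_default() {
    awk -v prop="$2" '
        !inblk && $0 ~ "^[ \t]*:" prop "[ \t]*\\(" { inblk = 1; depth = 0 }
        inblk {
            if (match($0, /:default[ \t]*\([^)]*\)/)) {
                val = substr($0, RSTART, RLENGTH)
                sub(/^:default[ \t]*\(/, "", val); sub(/\)$/, "", val)
                gsub(/[ \t"]/, "", val)
                print val; exit
            }
            # Count parentheses so the search stops where this entry closes
            depth += gsub(/\(/, "(") - gsub(/\)/, ")")
            if (depth <= 0) inblk = 0
        }' "$1"
}

# Print "enabled=<v> mode=<v> status=<OK|REVIEW|INVALID>" for file $1.
audit_lbp() {
    enabled=$(ttm_default "$1" disconnected_in_house_fw_policy_enabled)
    mode=$(ttm_default "$1" disconnected_in_house_fw_policy_mode)
    # Assumption: a missing entry means the documented default is in effect
    enabled=${enabled:-false}
    mode=${mode:-encrypt_to_allow}
    status=OK
    case $enabled in true|false) ;; *) status=INVALID ;; esac
    case $mode in
        encrypt_to_allow) ;;
        any_any_allow) if [ "$enabled" = true ] && [ "$status" = OK ]; then status=REVIEW; fi ;;
        *) status=INVALID ;;
    esac
    echo "enabled=$enabled mode=$mode status=$status"
}

# Constructed sample input: feature enabled, mode entry left out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
:disconnected_in_house_fw_policy_enabled (
    :gateway (disconnected_in_house_fw_policy_enabled
        :default (true)
    )
)
EOF
audit_lbp "$sample"
rm -f "$sample"
```

On a gateway, the file to pass to audit_lbp is $FWDIR/conf/trac_client_1.ttm.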