The Adaptive Policy feature will allow you to specify 3 profiles:
    Corporate
    VPN
    Default (aka Hostile)

The location is determined based on 3 joint decision points:
    1st - Am I connected to Central Management? (ICEcap or RSSP DC)
    2nd - Do I have an active VPN tunnel?
    3rd - Is my IP Address in the Corporate IP Range*?

*Corporate IP Range is a property of the RSSP DC

The IP is a tertiary decision point that helps to ensure that all
criteria are met to satisfy the Corporate Location criteria. This is
mostly to handle the case of a DC in a DMZ.

The Corp IP list serves two purposes:
    1) Adaptive Policy information (above)
    2) AV Compliance

For AV Compliance:
Immediate Outbound FW rules are put in place for these IPs when a system
is Out of Compliance.

Therefore, the Corporate IP list should contain both:
    IP ranges you would like to Protect from a system not current on
    AV Protection
and
    IP ranges that could be assigned to the Agent when in the Corp
    Intranet.

As long as you don't include Virtual VPN IP ranges which could be
assigned to clients VPN'ing in, you could over-populate your lists with
higher level ranges to reduce how many discrete entries are required.
Without the necessary Central Management Connectivity, it cannot
accidentally give the Corporate Policy.
-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of Cunningham, Chris, R.
Sent: Tuesday, March 30, 2004 4:19 PM
To: [EMAIL PROTECTED]
Subject: [ISSForum] Adaptive Policy in Desktop Protector 7.0
We are interested in having systems in a paranoid, locked-down mode when
not connected to the corporate LAN, and then a more relaxed policy when
connected to the LAN. According to ISS we have to insert every IP range
a laptop could be in on the LAN to make the policy switch - this is
around 200 class C ranges which have to be entered one at a time.
Any thoughts would be appreciated.
Thanks
_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]
The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
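
The range-consolidation advice in the reply above, worked through as an added example (not part of the original thread and not ISS code). It collapses a list of class C ranges into the fewest CIDR entries, then shows the "over-populate with a higher level range" variant with the VPN pool carved out. The addresses are constructed sample data, and CIDR output is an assumption: the thread does not show the notation the RSSP console accepts.

```python
import ipaddress

# Constructed sample data (not from the thread): 200 contiguous class C LAN
# ranges and one virtual VPN address pool.
LAN_RANGES = [f"10.20.{i}.0/24" for i in range(200)]
VPN_POOLS = ["10.20.240.0/24"]

def collapse(ranges):
    """Merge adjacent or nested ranges into the fewest exact CIDR entries."""
    return list(ipaddress.collapse_addresses(
        ipaddress.ip_network(r) for r in ranges))

def carve_out(supernets, vpn_pools):
    """Return the supernets minus every VPN pool, as a CIDR list."""
    keep = [ipaddress.ip_network(s) for s in supernets]
    for pool in map(ipaddress.ip_network, vpn_pools):
        remaining = []
        for net in keep:
            if pool.supernet_of(net):      # entry lies inside the pool: drop it
                continue
            if net.supernet_of(pool):      # pool lies inside entry: split around it
                remaining.extend(net.address_exclude(pool))
            else:                          # disjoint: keep unchanged
                remaining.append(net)
        keep = remaining
    return list(ipaddress.collapse_addresses(keep))

def in_list(address, entries):
    """True if the address falls inside any entry of the list."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in entries)

def vpn_overlaps(entries, vpn_pools):
    """Entries that overlap a VPN pool; should be empty before deployment."""
    pools = [ipaddress.ip_network(p) for p in vpn_pools]
    return [net for net in entries if any(net.overlaps(p) for p in pools)]

if __name__ == "__main__":
    exact = collapse(LAN_RANGES)
    wide = carve_out(["10.20.0.0/16"], VPN_POOLS)
    print(len(LAN_RANGES), "ranges ->", len(exact), "exact entries:", *exact)
    print("/16 minus VPN pool ->", len(wide), "entries:", *wide)
    print("VPN overlap:", vpn_overlaps(wide, VPN_POOLS))
```

The exact collapse never widens coverage, while the carved-out supernet also covers unassigned space, which matters because the same list drives the outbound rules applied to out-of-compliance systems.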