[THIN] Re: need some help....
- From: Jeremy Saunders <jeremy.saunders@xxxxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Fri, 11 Jan 2008 17:20:38 +0900
It depends upon the uniqueness of your Domain name, but I would never use
this scan on it's own. I've blogged this here:
http://www.jhouseconsulting.com/index.php/blog/2008/01/08/the-myth-surrounding-various-end-point-analysis-scans/
Simply create a Custom Filter called "Trusted", that contains the output of
various EPA Scans.
Then create a Connection Policy and add the "Trusted" filter to it.
Therefore if the output of the EPA scan is True, they will be able to use
the Secure Access Client. If it's False, then will just provide the user
will access to the traditional Web Interface style interface, or whatever
else you want to publish.
My definition of a Fully Trusted device means...
- Must be a member of your Domain.
- Must have the "YourCompany_Asset" registry key as explained in the above
article.
- Must have the required AV installed and and minimum required pattern and
program versions.
- Must have the appropriate Service Pack level relevant to the OS. eg
Windows XP requires SP2.
- Must have the appropriate Hotfixes installed on top of the service pack.
Hope that helps.
Cheers.
Kind regards,
Jeremy Saunders
Senior Technical Specialist
Infrastructure Technology Services
(ITS) & Cerulean
Global Technology Services (GTS)
IBM Australia
Level 1, 1060 Hay Street
West Perth WA 6005
Postal: PO Box 525, West Perth WA
6872
Visit us at
http://www.ibm.com/services/au/its
P: +61 8 9261 8412 F: +61 8 9261 8486
P: (Reception) +61 8 9261 8420 E-mail:
M: TBA jeremy.saunders@xxxxxxxxxxx
From: Saravanan Srinivasan <sarav2k@xxxxxxxxx>
To: thin@xxxxxxxxxxxxx
Date: 11/01/2008 06:39 AM
Subject: [THIN] Re: need some help....
Try this. Configure the user to access VPN using a vpn logon point and the
default page should be your WI page for apps. Create a end point scan for
domain ID and a filter with this scan.
Now when you create access policy for VPN use this filter.
If the user is using Company pc \ laptop which has joined domain, it gives
SSL vpn otherwise only the WI page.
The key is the end point scan and filter depends on your checking...
"Chad Schneider (IT)" <Chad.M.Schneider@xxxxxxxxxxxxx> wrote:
CAG AAC
What if, I wanted to configure this, so a user with a corporate laptop,
can access via the SSL VPN, but if that same user connected from, say,
their home PC, they would only get published apps. and such?
It appears you EITHER get VPN OR the logon point info.
I know I am missing a simple setting here.
Chad Schneider
Systems Engineer
ThedaCare IT
920-735-7615
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************
Other related posts:
