beautypg.com

Security policy details, Basic information area, Isolation mode area – H3C Technologies H3C Intelligent Management Center User Manual

Page 139

background image

123

{

Deploy ACLs to Access Device—Isolates smart devices by ACLs. The ACLs must be supported on

non-HP ProCurve devices.

{

Deploy ACLs to iNode Client—Isolates smart devices by using iNode client ACLs. This
parameter is not supported in the security policy for smart devices.

{

Deploy VLANs to Access Device—Isolates smart devices by VLANs.

Security ACL or VLAN—The ACL or VLAN applied to smart devices that pass the security check.

Isolation ACL or VLAN—The ACL or VLAN applied to smart devices that fail the security check.

Service Group—Service group for the security policy.

Modify—Click the Modify icon

to modify settings of the security policy.

Delete—Click the Delete icon

to delete the security policy.

Security policy details

The security policy details page has the following areas:

Common Configuration—Basic information about the security policy and the isolation mode
configuration.

PC—Security check items for PCs.

Smart Device—Security check items for smart devices.

UAM identifies the check items for smart devices from PC check items in the same security policy based

on the endpoint type and access scenario. EAD performs the security check after it is informed of the
check items by UAM.
The following information introduces security check items for smart devices. For more information about

configuring security check items for PCs, see "

3 Configuring the security check for PCs

."

Basic Information area

The basic information area has the following parameters:

Policy Name—Unique name of the security policy.

Service Group—Service group for the security policy.

Security Level—Security level used by the security policy. Click the security level name to view

detailed information.

Description—Description of the security policy.

The following parameters are not supported in the security policy for smart devices:

Monitor in Real Time

Process After

Set as Default Policy for Roaming Users

Check Passed Message

Isolation Mode area

The isolation mode area has the following parameters:

Configure Isolation Mode—Indicates whether an isolation mode is configured. If this option is not
selected, the security policy does not have an isolation mode. If this option is selected, the security
policy uses the Deploy ACLs to Access Device or Deploy VLANs to Access Device isolation mode.

The security check for smart devices does not support deploying ACLs to the iNode client.

See also other documents in the category H3C Technologies Safety: