3com DUA1550-0AAA02 Manuel D’Utilisation
3Com Network Access Manager Overview
13
3Com EFW Policy
Support
3Com Network Access Manager provides support for 3Com EFW Policy
Server v2.5, which adds the concept of user-based Embedded Firewall
(EFW) policies rather than just NIC-based EFW policies. For example, the
policy which is downloaded to the EFW can be specific to the user logged
into the PC and not just the PC itself. 3Com Network Access Manager
enables the network administrator to define an EFW Policy for each user
in Active Directory. The EFW Policy Server then queries Active Directory to
determine the profile for each user and replies to the EFW with the
relevant configuration.
Server v2.5, which adds the concept of user-based Embedded Firewall
(EFW) policies rather than just NIC-based EFW policies. For example, the
policy which is downloaded to the EFW can be specific to the user logged
into the PC and not just the PC itself. 3Com Network Access Manager
enables the network administrator to define an EFW Policy for each user
in Active Directory. The EFW Policy Server then queries Active Directory to
determine the profile for each user and replies to the EFW with the
relevant configuration.
Through 3Com Network Access Manager, the network administrator can
change an EFW policy at the same time as the port security settings,
speeding up the configuration of the network. The EFW policy is not
returned in any RADIUS response.
change an EFW policy at the same time as the port security settings,
speeding up the configuration of the network. The EFW policy is not
returned in any RADIUS response.
To ensure that 3Com Network Access Manager and the 3Com EFW Policy
Server operate together, the following steps must be followed using
3Com Network Access Manager:
Server operate together, the following steps must be followed using
3Com Network Access Manager:
■
Define each EFW policy in 3Com Network Access Manager, see
“Creating A New EFW Policy” in Chapter 3. 3Com Network Access
Manager creates the EFW policy as an Active Directory object.
“Creating A New EFW Policy” in Chapter 3. 3Com Network Access
Manager creates the EFW policy as an Active Directory object.
■
Associate the EFW policy with rules created in 3Com Network Access
Manager. This can be done during the creation of a new rule, or after
a rule has been created, see “Creating A New Rule” and “Changing
Rule Properties”in Chapter 3.
Manager. This can be done during the creation of a new rule, or after
a rule has been created, see “Creating A New Rule” and “Changing
Rule Properties”in Chapter 3.
■
Make sure that appropriate users and groups have been associated
with each rule associated with the EFW policy, see “Displaying
Members Of A Rule” in Chapter 3.
with each rule associated with the EFW policy, see “Displaying
Members Of A Rule” in Chapter 3.
Any changes to EFW policy associations must be made through the 3Com
Network Access Manager user interface. 3Com Network Access Manager
will not recognize any externally made changes.
Network Access Manager user interface. 3Com Network Access Manager
will not recognize any externally made changes.
After making any change that might affect the EFW policy of a user, the
EFW group associations must be recalculated for the user, this is done by
clicking the Recalculate EFW membership button on the Tool bar at the
top of the Administration Interface window, see Figure 14 in Chapter 3.
Examples of changes that might affect the EFW policy of a user are:
EFW group associations must be recalculated for the user, this is done by
clicking the Recalculate EFW membership button on the Tool bar at the
top of the Administration Interface window, see Figure 14 in Chapter 3.
Examples of changes that might affect the EFW policy of a user are:
■
if a user’s properties are changed, the correct rule association has to
be re-established. Clicking on the Recalculate EFW membership
button will cause 3Com Network Access Manager to find the highest
be re-established. Clicking on the Recalculate EFW membership
button will cause 3Com Network Access Manager to find the highest