文稿配置手冊advance

1、Mobile Access advanceChapterEnable MAB in a Security GatewayEnable the Blade in the GatewayEnable MAB in a Security GatewayDefine the clients allowed to reach the web services.Enable MAB in a Security GatewayA trusted CA can be directly imported from the wizardEnable MAB in a Security GatewayDefine

2、some basic ApplicationsEnable MAB in a Security GatewayImport users from an existing ADEnable MAB in a Security GatewayDefine initial authorized usersEnable MAB in a Security GatewayMobile Access PortalOne GW One Portal: Each Mobile Access enabled Security Gateway leads to its own Mobile Access user

3、 portal.Remote users log in to the portal using an authentication scheme configured for that Security GatewaySince R75, MAB can coexist with the SecurePlatform Configuration PortalMobile Access PortalMobile Access PortalDefine the URL by using:IP address orFDQNIf remote users enter http:/sslvpn, the

4、y will automatically be redirected to the portal using HTTPSPublic CA certificates can now be imported from the GUIDefine interfaces from which portal will be available.Authentication methodsInternal DBLDAPRADIUSACE (SecurID)CertificatesDynamicID (explained in detail later)Access to Applications Pol

5、iciesOnce remote users are authenticated (recognized and approved), Mobile Access allows the users to access the appropriate applications for that user. This process is called Authorization.Authorization is done by enforcing an access control policy in the Policy page of the Mobile Access tab. Remot

6、e users, once authenticated, can only access those applications that have been authorized for their groups. In other words, for access to be granted, Mobile Access checks for:Access rights - Does the remote user belong to a group which is allowed to access the application?Security requirements - Doe

7、s the remote user meet the security restrictions as defined in the applications Protection Level?Access to Applications PoliciesUsersApplicationsPortal Based ApplicationsProtection LevelsPredefined sets of security settings that offer a balance between connectivity and security.Mobile Access provide

8、s 3 default Protection Levels:Protection LevelsName and DescriptionProtection LevelsRequired Authentication MethodsProtection LevelsThis option allows access to the associated application only if the scanned client computer complies with the selected policyThis option requires Secure Workspace to be

9、 running on the client computerCompliance policies are defined under ESODEndpoint Compliance menuSupported ApplicationsWeb applications: set of URLs that are accessed in the same context and that is accessed via a Web browserFile shares: collection of files, made available across the network by mean

10、s of a protocol that enables actions on files.Citrix: client connectivity to internal XenApp servers.Web mail:Built-in Web mail: IMAP & SMTPOWA/iNotesWeb ApplicationsWeb ApplicationsName & descriptionSelect only if defining OWA or iNotes web accessWeb ApplicationsSingle Host (or Name)Multiple hostsA

11、llowed pathsAllowed servicesWeb ApplicationsThis option will add a visible link in the portal.Not enabling this option, will allow users to access the application bytyping its URL in the user portal, but will not have a pre-configured link to access it.Application Protection LevelUsers who have been

12、 authorized to the portal, are authorized to this application. This is the default option.Associate the Protection Level with the applicationControl information left on the clientsFile SharesTwo file share viewers area available:Web-based file viewerWindows explorer: only for IE 7 BrowsersFile Share

13、sTraking is limited to unsuccessfull access events by defaultSelect default file share viewerDefine the file share name, color and commentFile SharesTraking is limited to unsuccessfull access events by defaultSelect default file share viewerShares allowed to be accessedDefine the server(s) where the file share is File SharesTraking is limited to unsuccessfull access events by defaultSelect default file share v