You can configure
NetScaler Gateway to check if a user device meets certain security requirements
before a user logs on. This is called a
preauthentication policy. You can configure NetScaler
Gateway to check a user device for antivirus, firewall, antispam, processes,
files, registry entries, Internet security, or operating systems that you
specify within the policy. If the user device fails the preauthentication scan,
users are not allowed to log on.
If you need to
configure additional security requirements that are not used in a
preauthentication policy, you configure a session policy and bind it to a user
or group. This type of policy is called a
post-authentication policy, which runs during the user
session to ensure the required items, such as antivirus software or a process,
is still true.
When you configure a
preauthentication or post-authentication policy, NetScaler Gateway downloads
the Endpoint Analysis Plug-in and then runs the scan. Each time a user logs on,
the Endpoint Analysis Plug-in runs automatically.
You use the
following three types of policies to configure endpoint policies:
You can incorporate
detected information into policies, enabling you to grant different levels of
access based upon the user device. For example, you can provide full access
with download permission to users who connect remotely from user devices that
have current antivirus and firewall software requirements. For users connecting
from untrusted computers, you can provide a more restricted level of access
that allows users to edit documents on remote servers without downloading them.
performs the following basic steps:
Attention: The instructions for creating endpoint analysis policies are
general guidelines. You can have many settings within one session policy.
Specific instructions for configuring session policies might contain directions
for configuring a specific setting; however, that setting can be one of many
settings that are contained within a session profile and policy.