en-US
search-icon

Enforced Client Policy and Reporting Server 2.3 Admin Guide

Enforcement

Navigate to the Enforcement menu on EPRS, located on the Policies tab. You can configure enforcement policies, as well as settings for Client Groups and Clients. If you have an environment with more than one firewall in it, you can manage the enforcement at two levels: globally and on the firewall. By selecting the global node, you can configure and make changes across all the firewalls in your environment. By selecting an individual firewall you can configure and make changes that apply only to that particular unit.

 
* 
NOTE: Note that when the global node is selected, the command options are Policies and Client Groups. When an individual node or firewall is selected, the Client command option is also available.

Topics:

Policies

Content Filtering Client includes a Default Desktop Policy and a Default Mobile Policy that you can access from the Enforcement > Policies page. The Default Desktop and Default Mobile policies provide standard settings for content filters. These policies are configured to be moderately strict and are suitable for use with most Content Filtering Clients. They cannot be edited or deleted.

You can create a new policy or clone one from an existing policy, such as the Default Desktop Policy. Cloning the Default Desktop Policy or an existing policy is recommended. Then edit specific fields within the cloned policy. This is an effective way to create a new policy that is similar to an existing policy.

Note that the client does not assign a content filtering policy to the Default Desktop Policy. Content filtering policies are assigned only to the Default Mobile Policy.

 
* 
NOTE: When all settings are left as the default settings, all desktop devices acquire the policies as defined in the Default Desktop Policy. Likewise, all mobile devices, such as a laptop, acquire the policies defined in the Default Mobile Policy.
To clone a policy or add a new policy:
1
Navigate to the Enforcement > Policies page and choose either the global node or a specific firewall for the policy.
2
To clone an existing policy, click the Clone icon under Configure in the row for the policy that you want to clone. To create a new policy, click Add New Policy.

 
* 
NOTE: The contents are slightly different between a new policy and cloned policy so you may see slight differences in the screen captures. The pages, tabs and fields are the same though.
3
On the General tab, input or change the name of the Policy in the Name field.
4
Add descriptive information about the policy in the Comments field.
5
Under the Version Settings section, select the desired Version (specific release) from the drop-down list. This allows the policy to be configured for a specific version. You can select General Release, Early Release, Alpha or Beta.
6
Select the Content Filter tab.

7
Select the Default local policy from the drop-down menu.
8
Select a Scheduled policy from the drop-down list. A scheduled policy is one that has a Schedule associated with it. If a Schedule is selected and the schedule matches the time, the policy is used for enforcement during the specified window of time. If a scheduled policy is not selected, the default would apply all the time. Note that only policies with a schedule set appear in this drop-down list.
9
Click OK.

Client Groups

Administrators can configure client groups on the Enforcement > Client Groups page. You can edit existing client groups or create new client groups. The Default Client Group can be edited, but cannot be deleted.

All clients requesting a policy for the first time are automatically added to the Default Client Group and are served with the policy defined for this group. The administrator can move a client to a different client group after the client is initially added to the Default Client Group.

 
* 
NOTE: All desktop devices acquire the policies as defined in the Default Desktop Policy. All mobile devices, such as a laptop, acquire the policies defined in the Default Mobile Policy. If you would like to modify the service associated with the client defined default policy, you must clone the Default Desktop or Mobile Policy, then add/remove the services that the default client groups contain.

The Enforcement > Client Groups page is available on the Policies tab.

Topics:

About the Client Groups List

The Client Groups list has several tools that are useful for finding and managing client group information. At the top of the list is a search function. Refer to Searching Client Groups for information on using the search.

The following table describes the columns in the Client Groups list.

 

Name

Represents the client groups that have been defined.

Type

Indicates what kind of group this is. Options include User Group, Organizational Unit, or Host.

Desktop Policy

Indicates which desktop policy is being applied to the group.

Mobile Policy

Indicates which mobile policy is being applied to the group.

Comments

If a green comments icon is present, indicates additional information about the Client Group. Hold your cursor over the icon and the comment pops up.

Directory

Indicates the source for the Users information. The options are LDAP or Google (for Google Directory).

Configure

Shows the edit and delete icons so you can change or delete the client group.

Searching Client Groups

The Client Groups Search function is useful if you have a large number of client groups and need find a specific one. The function can search for text in the Name, Type, Desktop Policy, Mobile Policy or Directory fields. To search for a specific user group, choose the node that you want to search. On the Policies tab, select Enforcement > Client Groups.

To search for a client group:
1
Select the client group field to be searched. You can select either the Name, Type, Desktop Policy, Mobile Policy, or Directory fields.
2
To specify the type of match, choose from the following:
Equals—The entire field must match the text you provide.
Starts with—The field must start with the text you provide.
Ends with—The field must end with the text you provide.
Contains—The field must contain the text you provide.
3
In the blank field, type in the text that you want to search for.
4
Click Search.
5
Click Clear to return the search fields to their default values and clear the text field.

Adding or Editing Client Groups

To add or edit a client group:
1
On the Policies tab, navigate to the Enforcement > Client Groups page.
2
To add a new client group, click Add New Client Group. To edit an existing client group, click the Edit icon in the Configure column for the client group you want to edit. The Add Client Group window displays.

3
Type a descriptive name into the Group Name field
4
In the Comment field, enter a descriptive comment.
5
Select a policy for the group from the Desktop Policy drop-down list. All existing policies are available for selection.
6
Select a policy for the group from the Mobile Policy drop-down list. All existing polices are available for selection.
7
Click OK to complete.

Deleting Client Groups

You can delete one or more host-based client groups on the Enforcement > Client Groups page.

To delete one or more client groups:
1
On the Policies tab, navigate to the Enforcement > Client Groups page.
2
The delete options are:
To delete all client groups except the default, check the box next to the Name column heading, then click Delete Client Group(s) at the bottom of the page.
To delete multiple client groups, check the box next to each one you want to delete and click Delete Client Group(s).
To delete a single client group, click the trash can icon in the same row, or check the box next to it and then click Delete Client Group(s).
 
* 
NOTE: The Default Client Group and User Group-based Client Groups cannot be deleted so they have a grayed-out icon Trash icon.

When Client Groups with clients are deleted:

It does not allow you to delete, but prompts you to move the users to another client group.
A tool tip get a message warning that the client groups cannot be deleted. The warning message shows the relationship between the client group to the clients. Then you can take corrective action based on the comments provided.

Clients

Administrators can configure clients on the Enforcement > Clients page. You can delete clients, move clients from one client group to another, and block or unblock clients. You can also use the Search function to search for clients.

Administrators can select a custom policy for the Default Client Group, or leave the Default Policy configured. The administrator can move a client to a different client group after the client is initially added to the Default Client Group.

Topics:

Searching for Clients

The Clients Search area at the top of the page provides a way to search the list of clients. This is useful if you have a number of clients and need to find one or more with a specific value in the Host Name, Host IP, Client Group, or Last Contacted field.

To search for a client:
1
Navigate to the Enforcement > Clients.
2
Select the client field to be searched from the drop down list. You can select the Host Name, Client Group, Client Version, Allowed, or Client Users.

3
To specify what part of that field to match against, choose among the following operators:
Equals – The entire field must match the text you provide.
Starts with – The field must start with the text you provide.
Ends with – The field must end with the text you provide.
Contains – The field must contain the text you provide.
4
In the blank field, type in the text or value that you want to search for.
5
Click Search.
6
Click Clear to return the search fields to their default values and clear the text field

Deleting Clients

You can delete one or more clients from the Clients table on the Enforcement > Clients page.

To delete one or more clients:
1
On the Policies tab, navigate to the Enforcement > Clients page.
2
The delete options are:
To delete all clients, check the box next to the Host Name column heading, then select Delete Client(s).
To delete multiple clients, check the box next to each one you want to delete, then click Delete Client(s).
To delete a single client, click the trash can icon in the same row, or check the box next to it and then click Delete Client(s).
3
Click OK in the confirmation dialog box.

Moving Clients

Moving clients allows you to move a Client to a different Client Group. Moving clients is only supported for Host-based groups.

To move clients:
1
On the Policies tab, navigate to the Enforcement > Clients page.
2
Check the box next to the clients you want to move.
3
Click the Move Client(s) link at the bottom of the page.

4
When the pop-up window displays asking you to select the destination client group, select the option you want.
5
Select OK.

Blocking Clients

The administrator can prevent clients from accessing the Internet by using the Block Client(s) function.

To block one or multiple clients:
1
On the Policies tab, navigate to the Enforcement > Clients page.
2
Check the box next to the clients you want to block.
3
Click the Block Client(s) link at the bottom of the page. You will be asked to confirm blocking these clients.
4
When the confirmation message appears, click OK.

Under the Allowed column the green check box turns into a red X, indicating those clients have been blocked.

Blocking allows the client to recover the licenses back into the pool. After a blocked client gets a policy update from client, EPRS wipes all content filter policies from the client machine. From this point on, the client system has no content filter protection. If this client is behind a firewall that is enforcing client content filtering, then this client is not allowed to access the Internet.

Unblocking Clients

Unblocking clients allows the client to receive content filter protection. Unblocking the client also allows access to the Internet if it is a client behind a firewall enforcing client content filtering.

To unblock one or multiple clients:
1
On the Policies tab, navigate to the Enforcement > Clients page.
2
Check the box next to the clients you want to unblock.
3
Click the Unblock Client(s) link at the bottom of the page.
4
When the confirmation message appears, click OK.

Under the Allowed column the red X turns into a green check mark, indicating those clients have been unblocked.