Policy Manager FAQs: Difference between revisions

From Edge Threat Management Wiki - Arista
(5 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[[Category:FAQs]]
[[Category:FAQs]]
=== When should I create a policy? ===
=== When should I create a new policy? ===


You should create a new policy when you want to apply different rules to different users. For more information, see [[Policy_Manager#Deciding When To Use Multiple Virtual Policies|Deciding When To Use Multiple Virtual Policies]].
You should create a new policy when you want to apply different rules to different users. For more information, see [[Policy_Manager#Deciding When To Use Multiple Virtual Policies|Deciding When To Use Multiple Virtual Policies]].
Line 9: Line 9:




=== I'm using Untangle's OpenVPN application, do I need to create racks for the VPN users? ===
=== I'm using NG Firewall's OpenVPN application. Do I need to create policies for the VPN users? 💡 ===
You do not have to create extra virtual racks to use OpenVPN; by default its traffic will go through the Default Rack. You can use the [[Firewall]] to allow or deny VPN users access to resources, or if you prefer you can create a new rack only for OpenVPN users. Furthermore, if you do not want OpenVPN traffic filtered at all, create a rule for all OpenVPN clients and select "No Rack" as the target rack.
You do not have to create extra policies to use OpenVPN; by default its traffic will go through the Default Policy. You can use the [[Firewall]] app o allow or deny VPN users access to resources, or if you prefer you can create a new policy only for OpenVPN users. Furthermore, if you do not want OpenVPN traffic filtered at all, create a rule for all OpenVPN clients and select "No Policy" as the target policy.


=== I only want to scan inbound email traffic, not outbound. Do I need to create a new rack? ===
=== I only want to scan inbound email traffic, not outbound. Do I need to create a new policy? ===
No - by default, outbound email traffic is not scanned. If you would like it to be, this option is available in [[Spam Blocker]], however we highly recommend against it.
No - by default, outbound email traffic is not scanned. If you would like it to be, this option is available in [[Spam Blocker]], however we highly recommend against it.
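Review bot: the revised OpenVPN answer contains a typo, "[[Firewall]] app o allow or deny VPN users", which should read "app to allow or deny". The terminology change from "rack" to "policy" is otherwise applied consistently in this hunk, including the "No Policy" target. The retained advice that outbound scanning is something "we highly recommend against" gives no reason, so a short explanation or a link to the relevant [[Spam Blocker]] section would help readers decide.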

Latest revision as of 22:10, 14 September 2023

When should I create a new policy?

You should create a new policy when you want to apply different rules to different users. For more information, see Deciding When To Use Multiple Virtual Policies.

Can I use my existing Active Directory groups to create policies for different groups of users?

Yes, if you're using Directory Connector to authenticate against Active Directory you can create policies by username or group name. Simply set up the policy to your liking, click Users, and you will be able to select your users and groups from the list.


I'm using NG Firewall's OpenVPN application. Do I need to create policies for the VPN users? 💡

You do not have to create extra policies to use OpenVPN; by default its traffic will go through the Default Policy. You can use the Firewall app to allow or deny VPN users access to resources, or if you prefer you can create a new policy only for OpenVPN users. Furthermore, if you do not want OpenVPN traffic filtered at all, create a rule for all OpenVPN clients and select "No Policy" as the target policy.

I only want to scan inbound email traffic, not outbound. Do I need to create a new policy?

No. By default, outbound email traffic is not scanned. If you would like it to be, this option is available in Spam Blocker; however, we highly recommend against it.