Policy Manager FAQs: Difference between revisions

From Edge Threat Management Wiki - Arista
Jump to navigationJump to search
Line 9: Line 9:




=== I'm using NG Firewall's OpenVPN application, do I need to create policies for the VPN users? ===
=== I'm using NG Firewall's OpenVPN application. Do I need to create policies for the VPN users? ===
You do not have to create extra policies to use OpenVPN; by default its traffic will go through the Default Policy. You can use the [[Firewall]] to allow or deny VPN users access to resources, or if you prefer you can create a new rack only for OpenVPN users. Furthermore, if you do not want OpenVPN traffic filtered at all, create a rule for all OpenVPN clients and select "No Policy" as the target policy.
You do not have to create extra policies to use OpenVPN; by default its traffic will go through the Default Policy. You can use the [[Firewall]] app o allow or deny VPN users access to resources, or if you prefer you can create a new policy only for OpenVPN users. Furthermore, if you do not want OpenVPN traffic filtered at all, create a rule for all OpenVPN clients and select "No Policy" as the target policy.


=== I only want to scan inbound email traffic, not outbound. Do I need to create a new rack? ===
=== I only want to scan inbound email traffic, not outbound. Do I need to create a new rack? ===
No - by default, outbound email traffic is not scanned. If you would like it to be, this option is available in [[Spam Blocker]], however we highly recommend against it.
No - by default, outbound email traffic is not scanned. If you would like it to be, this option is available in [[Spam Blocker]], however we highly recommend against it.

Revision as of 16:39, 19 September 2022

When should I create a new policy?

You should create a new policy when you want to apply different rules to different users. For more information, see Deciding When To Use Multiple Virtual Policies.

Can I use my existing Active Directory groups to create policies for different groups of users?

Yes, if you're using Directory Connector to authenticate against Active Directory you can create policies by username or group name. Simply set up the policy to your liking, click Users, and you will be able to select your users and groups from the list.


I'm using NG Firewall's OpenVPN application. Do I need to create policies for the VPN users?

You do not have to create extra policies to use OpenVPN; by default its traffic will go through the Default Policy. You can use the Firewall app o allow or deny VPN users access to resources, or if you prefer you can create a new policy only for OpenVPN users. Furthermore, if you do not want OpenVPN traffic filtered at all, create a rule for all OpenVPN clients and select "No Policy" as the target policy.

I only want to scan inbound email traffic, not outbound. Do I need to create a new rack?

No - by default, outbound email traffic is not scanned. If you would like it to be, this option is available in Spam Blocker, however we highly recommend against it.