List 2–21Access Control Service Trustzone - Rules - Identity Matching Basic – section Basic Matching

Parameter

Description

 

 

Policy Matching

All-of-following

 

One-of-following

 

Set this option to All-of-followingif all of the identity matching parameters (basic and advanced), except the empty ones, must

 

match for a successful identity verification. If just one field does not match, the identity is not verified successfully within this policy

 

rule and the health match process will proceed with the next policy rule in the policy rule set.

 

Set this option to One-of-followingeffects that the identify verification succeeds if just one field matches.

 

Fields left empty will be ignored in both cases.

 

Note:

 

All string comparison is done case insensitive.

 

For all of the following identify matching fields applies that just one value of each field must match, for example if more than one

 

group patterns are defined, it is necessary that at least one user group must match at least on defined group pattern.

 

 

Group Patterns

Enter group patterns here. At least one user group must match at least one of these patterns for successful identity verification.

 

Be aware of using the right syntax for the group patterns: for example, MS Active Directory groups have be be entered as

 

distinguished name (for example CN=group-*, OU=my-unit,CD=mycompany,DC=at).

 

 

Net Bios

Enter the name of a NetBIOS Domain to match only users of a specific Domain.

Domain

Note:

 

 

Only available for "Current User" and "VPN" rule set

 

 

User [Login

Enter user name patterns here. A user name is the login name (without leading "DOMAIN\").

Name]

 

 

 

Networks

Enter networks here. The users peer address must be part of at least one of these networks.

Allowed OS Versions

Name

OS Versions

Service Pack Major Number

Service Pack Minor Number

Minimum Build Number

Policy on OS

Define allowed or explicitly denied client OS version here. The OS Versions parameter needs to be one of the listed Microsoft Windows Versions.

The Service Pack Major Number and the Service Pack Minor Number are the service pack numbers of the client OS. The Minimum Build Number needs to be the OS build number and is checked only, if Policy on OS was set to This-One-Or-Newer.

Possible values for Policy on OS field are

Exact-This-One

the client OS must match OS Version, Service Pack Major Number, and Service Pack Minor Number.

Explicit-Deny

If the clients OS matches OS Versions, Service Pack Major Number, and Service Pack Minor Number, then the current policy rule will be ignored for the current match, and health evaluation process proceeds with the next policy rule in the policy rule set.

This-One-Or-Newer

In this case, the client OS must be identically equal to OS version. The client OS service pack major and minor number and its build number need to be equal or greater than those defined here.

Hostnames Enter hostnames here. Patterns may be used.

29 Barracuda NG Network Access Client - Administrator’s Guide

Page 30 Page 32
Page 31
Image 31
Barracuda Networks VERSION SP4 manual Policy Matching All-of-following One-of-following, Group Patterns, Net Bios, Domain
Page 30 Page 32
Top Page Image Contents