User manual NOVELL ACCESS MANAGER 3.1 SP2 BETA 1 SCENARIOS 2009

[. . . ] novdocx (en) 17 September 2009 Access Manager 3. 1 SP2 Beta 1 Scenarios December 21, 2009 Novell® The following scenarios have been designed to introduce you to the new features in Access Manager 3. 1 SP2. Section 1, "Linux Access Gateway Appliance Scenarios, " on page 1 Section 2, "Timeout Per Protected Resource Scenarios, " on page 5 Section 3, "Access Gateway Service Scenarios, " on page 10 Section 4, "SSL VPN Server Scenarios, " on page 11 1 Linux Access Gateway Appliance Scenarios Section 1. 1, "Installing the SLES 11 Version, " on page 1 Section 1. 2, "Upgrading the Linux Access Gateway Appliance, " on page 2 Section 1. 3, "Migrating a SLES 9 Access Gateway to SLES 11, " on page 3 Section 1. 4, "Configuring Timeout Per Protected Resource, " on page 5 1. 1 Installing the SLES 11 Version This beta scenario introduces you to the new Access Gateway Appliance which is built on SUSE® Linux Enterprise Server (SLES 11). The SLES 11 version of the Access Gateway Appliance supports newer hardware, and SLES 11 is a supported operating system that provides security updates. The previous version of the Access Gateway Appliance is built on SLES 9 SP3. [. . . ] 3b Create a Category and Application named test 3c Create an Application Definition for an AbsoluteFile with the following attributes and values: Name: c:\test\test1. exe Version: 2 HashMD5: 253627d4dbb0e7a177a2b1a0e0ba8ae8 3d Click OK on each page and save the policies. 3e Create similar policies for other application definitions such as process and service. 3f Create similar policies for Linux* and Macintosh*. 4 Enable some of the categories and applications and disable others. 5 Click OK, then update the SSL VPN server. 6 Click SSL VPNs > Edit > Client Integrity Check Policies. 7 Click Export to export the file, specify a name, then save the file. 9 Click OK, then update the SSL VPN server. 10 Click SSL VPNs > Edit > Client Integrity Check Policies. 12 Access Manager 3. 1 SP2 Beta 1 Scenarios novdocx (en) 17 September 2009 11 Click Import, browse to the file, then click OK. 12 Verify that all the policies, including the default policy and the policies you created have been imported with the correct application definition. 4. 1. 4 Test Results The exported Client Integrity Check policies should be imported with the correct application definitions and enabled/disabled status. 4. 1. 5 Troubleshooting Tips Did you click OK on each step to save the newly created policy?Clicking Cancel after defining a policy results in the loss of that definition from the export file. By default, the newly created category is disabled and the application is enabled. 4. 2 Configuring Client Cleanup Options The Access Manager 3. 1 SP2 provides an option in the Administration Console to control the desktop cleanup options for the SSL VPN users. You can configure the following client cleanup options: Clear Browser Private Data Clear Java Cache Uninstall Enterprise Mode Leave Behind the Client Components Uninstall ActiveX control (for Internet Explorer* users only) You set the default values for the cleanup options for the SSL VPN users when they log out. Based on these settings, the SSL VPN user can have some options enabled and others disabled. You can allow or deny the user the ability to override the default settings. The combination of these two settings enables you to control the cleanup options for the SSL VPN users. 4. 2. 1 Assumptions You know the options that the users should not be allowed to control and the options that the users can be allowed to configure. 4. 2. 3 Procedure 1 Log in to the Administration Console. 2 Click Devices > SSL VPNs > Edit > Client Policies. Access Manager 3. 1 SP2 Beta 1 Scenarios 13 novdocx (en) 17 September 2009 3 In the Client Cleanup Options section, configure default values and configure whether the user can modify the default. By default Java Cache Cleanup and Clear Browser Private Data options are enabled and the Allow User to Override option is enabled for all options. [. . . ] 7 Click OK twice, then update the SSL VPN server. 8 From a client, establish a SSL VPN connection using port 80. The operating system translates the request for port 80 to port 8080 before sending it to Tomcat. 4. 7. 4 Test Results An SSL VPN client can connect using port 80 rather than port 8080. [. . . ]