Post Reply
   
Access Policy in NAVAN CNX 2000
smital_matrix

Posts: 14

Joined: 01 Feb 2013 10:30

26 May 2014 16:12

Access Policy in NAVAN CNX 2000

Navan’s access policy is a security feature that enables you to frame policies that allow or restrict Internet access to a specific list of LAN users.



You can frames policies to deny user’s access to the Internet on the basis of:





  • Websites searched by URL address


  • Websites searched by Keywords


  • Applications accessed on the basis of destination IP address


  • Applications accessed on the basis of destination ports




You can also assign policies to allow users to access the internet on basis of:





  • Applications accessed on the basis of destination IP address


  • Applications accessed on the basis of destination ports




To apply these policies you can filter out the LAN users on the basis of:





  • MAC address


  • IP Address




Create an Access Policy:



Click the Firewall & Security tab.



On the left navigation bar, Click on Access policy as shown in below snap







You will have to add a policy for this, click on Add tab.



In the Policy name you can give any name so as to differentiate with other policies



You can specify the LAN users on the basis of:





  • MAC Address List


  • IP Address List


  • IP Address Range




If you select MAC Address List in the Apply to field, then you will have mention the unique MAC address of the devices that are connected to NAVAN via LAN. You can enter up to 10 MAC address here.



IP address list is the list of the individual IP addresses of the LAN users. You can enter up to 10 IP address in this list.



You can define the range of IP addresses by selecting the IP address range.







To deny the access of internet to the users, select Denied in the Access Permission. As you select Denied following options will appear:







Website Denied by URL Address [Max possible entry per policy=10]



Website blocking on Keyword [Max possible entry per policy=10]



Denied Destination IP Address [Max possible entry per policy=10]



Denied Application By Port [Max possible entry per policy=10]







Scenario 1:



Follow the steps to block Facebook website:



Go to Website Denied by URL Address; enter the URL of the websites into Blocked Websites URLs. Here it is www.facebook.com.



Go to Website blocking on Keyword, enter the required keyword you want to block. Here it is Facebook.







If you configure only URL then user can access Facebook web site with different URL like www.fb.com because NAVAN will match the URL only. To avoid multiple URL entry for one site you need to configure web site URL as well as Key word.



For any further query please contact MATRIX SUPPORT.