The following will show how to configure a device control rule to allow computers to use wireless outside the organization with or without VPN and block the WIFI devices when the computer is in the corporate network (connected via cable).
Go to Policy Catalog, edit the agent configuration->corporate connectivity.
Under "corporate VPN Detection" choose an IP Address and port that is available only when connecting via VPN.
Go to Policy Catalog, edit the agent configuration->corporate connectivity.
Under "corporate VPN Detection" choose an IP Address and port that is available only when connecting via VPN.
Network Adapter is unmanaged by default, so you need to change it to Managed.
Go to DLP Policy Manager->Policy Assignment
Under your policy click on edit (Policy Setting)
Go to DLP Policy Manager->Policy Assignment
Under your policy click on edit (Policy Setting)
Setting->Device Classes
Under Device Class name choose Network Adapter and click add
Click Save
Under Device Class name choose Network Adapter and click add
Click Save
Now we will create the Wifi Definition:
Go to DLP Policy-> Definition-> Device Definitions
Go to DLP Policy-> Definition-> Device Definitions
Action-> New -> Plug and play Device Definition
|
|
Choose a name for the WIFI Definition
On the right, click on Device class and choose "Network Adapter (Unmanaged)" or "Modems/Faxes"
Note: Don't worry about the "(Unmanaged)" we already changed it to Managed by the Rule Set
On the right click on "Device Friendly Name " and write all the patterns that WIFI devices can include in your organization.
Note: The picture shows my recommendation
On the right, click on Device class and choose "Network Adapter (Unmanaged)" or "Modems/Faxes"
Note: Don't worry about the "(Unmanaged)" we already changed it to Managed by the Rule Set
On the right click on "Device Friendly Name " and write all the patterns that WIFI devices can include in your organization.
Note: The picture shows my recommendation
Now we will create a rule to allow Wifi for laptops
Go to Rule set
Action -> New Rule -> Plug And Play Device Rule
Write a Name, click Ok to finish
Go to Rule set
Action -> New Rule -> Plug And Play Device Rule
Write a Name, click Ok to finish
Click on the new rule set
Status Enable
DLP Version 10 - Choose Windows, remove MAC and choose severity level
Under Condition choose which Users the rule will applied to
Choose the WIFI Definition we created
If you need more exceptions, configure it on the exceptions tab
Status Enable
DLP Version 10 - Choose Windows, remove MAC and choose severity level
Under Condition choose which Users the rule will applied to
Choose the WIFI Definition we created
If you need more exceptions, configure it on the exceptions tab
Under Reaction Choose the following:
Computer connected to corporate network:
Prevent Action - Block
User Notification: choose the popup to the user
Report Incident: choose if you want an incident or not
Computer disconnected from the corporate network:
Prevent Action - No Action
User Notification: choose the popup to the user
Report Incident: choose if you want an incident or not
Computer connected to corporate network using VPN:
Prevent Action - Block
User Notification: choose the popup to the user
Report Incident: choose if you want an incident or not
Computer connected to corporate network:
Prevent Action - Block
User Notification: choose the popup to the user
Report Incident: choose if you want an incident or not
Computer disconnected from the corporate network:
Prevent Action - No Action
User Notification: choose the popup to the user
Report Incident: choose if you want an incident or not
Computer connected to corporate network using VPN:
Prevent Action - Block
User Notification: choose the popup to the user
Report Incident: choose if you want an incident or not
