asp.net pdf reader : Change font size in pdf text box control Library system azure asp.net windows console j-sa-sslvpn-7.1-adminguide34-part753

3.
UnderRuleSettings,choosePredefined:FirewallandclickAdd.
4.
EnteraRuleNameforthefirewallrule.
5.
Selectyourfirewallvendor(s)andproduct(s)byusingeithertheRequireany
supportedproductorRequirespecificproducts/vendorsoptionbuttons.
Requireanysupportedproductallowsyoutocheckforanyproduct(ratherthan
requiringyoutoselecteveryproductseparately).Thisoptionbuttonrevealsalistof
productsintheremediationsectiontoallowyoutoenableremediationoptionswhich
areproductspecific.
WhenyouaddanavailableproducttoSelectedProducts,theremediationoption
appears,andyoucandetermineiftheremediationoptionisavailableforyourselected
firewall.
Requirespecificproducts/vendorsallowsyoutodefinecompliancebyallowingany
productbyaspecificvendor(forexample,anySymantecproduct).
Requirespecificproductsprovidesfunctionalitythatallowsyoutoselectindividual
productstodefinecompliance.
Afteryouselectyourvendor(s)andproduct(s),theremediationoptionswillappear
onthepage.TheTurnonFirewallcheckboxisactive(clickable)iftheactionis
supportedforyourproduct.
6.
Ifyourfirewallissupported,selectthecheckboxtoTurnonFirewall.
7.
UnderOptional,selectMonitorthisruleforchangeinresulttocontinuouslymonitor
thepolicycomplianceofendpoints.Ifthischeckboxisselected,andachangein
compliancestatusonanendpointthathassuccessfullyloggedinoccurs,Secure
Accessinitiatesanewhandshaketore-evaluaterealmorroleassignments.
8.
ClickSaveChangestosavethefirewallruleandenforcefirewallremediation.
9.
Optionallyaddadditionalrulestothepolicy,specifyhowHostCheckershouldevaluate
multipleruleswithinthepolicy,anddefineremediationoptions.
Related
Documentation
CreatingandConfiguringNewClient-sideHostCheckerPoliciesonpage300
ImplementingHostCheckerPoliciesonpage331
ConfiguringaPredefinedAntiSpywareRule(WindowsOnly)
YoucanconfigureHostCheckertocheckforinstalledantispywareonendpoints.
AfteryouenforcetheHostCheckerrule,ifanendpointattemptstologinwithoutthe
requiredspyware,theHostCheckerrulewillfail.
Theoptionisnotsupportedforallspywareproducts.Allavailableproductsaredisplayed
byusingtheRequireanysupportedproductorRequirespecificproducts/vendorsoption
buttons.
305
Copyright©2012,JuniperNetworks,Inc.
Chapter13:HostChecker
Change font size in pdf text box - Compress reduce PDF size in C#.net, ASP.NET, MVC, Ajax, WinForms, WPF
C# Code & .NET API to Compress & Decompress PDF Document
pdf page size dimensions; change paper size in pdf
Change font size in pdf text box - VB.NET PDF File Compress Library: Compress reduce PDF size in vb.net, ASP.NET, MVC, Ajax, WinForms, WPF
VB.NET PDF Document Compression and Decompression Control SDK
adjust pdf size; pdf change font size
ToconfigureaHostCheckerPredefinedSpywarerule:
1.
Intheadminconsole,selectAuthentication>EndpointSecurity>HostChecker.
2.
CreateanewpolicyorclickanexistingpolicyinthePoliciessectionofthepage.
3.
UnderRuleSettings,choosePredefined:AntiSpywareandclickAdd.
4.
EnteraRuleNameforthefirewallrule.
5.
Selectoneofthefollowingoptions:
SelecttheRequireanysupportedproductoptionbuttontocheckforanyproduct
(ratherthanrequiringyoutoselecteveryproductseparately).
SelecttheRequirespecificproducts/vendorsoptionbuttontospecifythespyware
thatyouwanttocheckfor.
ChooseeithertheRequireanysupportedproductfromaspecificvendoror
Requirespecificproductstospecifyspyware.
AddantispywarefromAvailableProductstoSelectedProducts.
6.
UnderOptional,selectMonitorthisruleforchangeinresulttocontinuouslymonitor
thepolicycomplianceofendpoints.Ifthischeckboxisselected,andachangein
compliancestatusonanendpointthathassuccessfullyloggedinoccurs,Secure
Accessinitiatesanewhandshaketore-evaluaterealmorroleassignments.
7.
ClickSaveChanges.
8.
Optionallyaddadditionalrulestothepolicy,specifyhowHostCheckershouldevaluate
multipleruleswithinthepolicy,anddefineremediationoptions.
Related
Documentation
CreatingandConfiguringNewClient-sideHostCheckerPoliciesonpage300
ImplementingHostCheckerPoliciesonpage331
ConfiguringVirusSignatureVersionMonitoringandPatchAssessmentDataMonitoring
YoucanconfigureHostCheckertomonitorandverifythatthevirussignatures,operating
systems,softwareversions,andpatchesinstalledonclientcomputersareuptodate,
andremediatethoseendpointsthatdonotmeetthespecifiedcriteria.HostChecker
usesthecurrentvirussignaturesandpatchassessmentversionsfromthevendor(s)you
specifyforpre-definedrulesinaHostCheckerpolicy.
YoucanautomaticallyimportthecurrentVirussignatureversionmonitoringorPatch
ManagementInfoMonitoringlistsfromtheJuniperNetworksstagingsiteataspecified
interval,oryoucandownloadthefilesfromJuniperanduseyourownstagingserver.
YoucanalsoconfigureaproxyserverasastagingsitebetweenSecureAccessandthe
Junipersite.Touseaproxyserver,youentertheserversnetworkaddress,portand
authenticationcredentials,ifapplicable.
ToaccesstheJuniperNetworksstagingsiteforupdates,youmustenterthecredentials
foryourJuniperNetworksSupportaccount.
Copyright©2012,JuniperNetworks,Inc.
306
JunosPulseSecureAccessServiceAdministrationGuide
C# PDF Text Box Edit Library: add, delete, update PDF text box in
Support to change font color in PDF text box. Ability to change text size in PDF text box. Adding text box is another way to add text to PDF page.
change font size in pdf form field; change pdf page size
C# PDF Sticky Note Library: add, delete, update PDF note in C#.net
Allow users to add comments online in ASPX webpage. Able to change font size in PDF comment box. Able to save and print sticky notes in PDF file.
pdf markup text size; best compression pdf
ToconfigureSecureAccesstoautomaticallyimportthecurrentvirussignatureversion
monitoringandpatchmanagementversionmonitoringlist(s)fromtheJuniperstaging
site:
1.
ChooseAuthentication>EndpointSecurity>HostChecker.
2.
ClickVirussignatureversionmonitoring,orPatchManagementInfoMonitoring.
3.
SelectAuto-updatevirussignatureslistorAuto-updatePatchManagementdata.
4.
ForDownloadpath,leavetheexistingURL(s)ofthestagingsite(s)wherethecurrent
list(s)arestored.ThedefaultURLsarethepathstotheJuniperNetworksstagingsite:
https://download.juniper.net/software/av/uac/epupdate_hist.xml
(forauto-updatevirussignatureslist)
https://download.juniper.net/software/hc/patchdata/patchupdate.dat
(forauto-updatepatchmanagement)
5.
ForDownloadinterval,specifyhowoftenyouwantSecureAccesstoautomatically
importthecurrentlist(s).
6.
ForUsernameandPassword,enteryourJuniperNetworksSupportcredentials.
7.
ClickSaveChanges.
Tomanuallyimportthecurrentvirussignatureversionmonitoringandpatchmanagement
versionmonitoringlist(s):
1.
ChooseAuthentication>EndpointSecurity>HostChecker.
2.
ClickVirussignatureversionmonitoring,orPatchManagementInfoMonitoring.
3.
Downloadthelist(s)fromtheJuniperstagingsitetoanetworkserverorlocaldrive
onyourcomputerbyenteringtheJuniperURLsinabrowserwindow.
https://download.juniper.net/software/av/uac/epupdate_hist.xml
https://download.juniper.net/software/hc/patchdata/patchupdate.dat
4.
UnderManuallyimportvirussignatureslist,clickBrowse,selectthelist,andthenclick
OK.
5.
ClickSaveChanges.
NOTE: Ifyouuseyourownstagingsiteforstoringthecurrentlist(s),youmust
uploadthetrustedrootcertificateoftheCAthatsignedthestaging’sserver
certificatetoSecureAccess.
Touseaproxyserverastheauto-updateserver:
1.
ChooseAuthentication>EndpointSecurity>HostChecker.
2.
ClickVirussignatureversionmonitoring,orPatchManagementInfoMonitoring.
3.
SelectAuto-updatevirussignatureslistorAuto-updatePatchManagementdata.
307
Copyright©2012,JuniperNetworks,Inc.
Chapter13:HostChecker
C# PDF Field Edit Library: insert, delete, update pdf form field
Support to change font size in PDF form. RasterEdge.Imaging.Font.dll. pdf"; String outputFilePath = Program.RootPath + "\\" Output.pdf"; List<BaseFormField
best pdf compression tool; adjust size of pdf
C# PDF Annotate Library: Draw, edit PDF annotation, markups in C#.
Support to add text, text box, text field and crop marks to PDF document. Able to edit and change PDF annotation properties such as font size or color.
change font size in pdf form; pdf change font size in textbox
4.
ForDownloadpath,leavetheexistingURL(s)ofthestagingsite(s)wherethecurrent
list(s)arestored.ThedefaultURLsarethepathstotheJuniperNetworksstagingsite:
https://download.juniper.net/software/av/uac/epupdate_hist.xml
(forauto-updatevirussignatureslist)
https://download.juniper.net/software/hc/patchdata/patchupdate.dat
(forauto-updatepatchmanagement)
5.
ForDownloadinterval,specifyhowoftenyouwantSecureAccesstoautomatically
importthecurrentlist(s).
6.
ForUsernameandPassword,enteryourJuniperNetworksSupportcredentials.
7.
SelectthecheckboxforUseProxyServer.
8.
EntertheIPAddressofyourproxyserver.
9.
EnterthePortthattheJuniperNetworksSupportsitewillusetocommunicatewith
yourproxyserver.
10.
Ifyourproxyserverispasswordprotected,typetheUsernameandPasswordofthe
proxyserver.
11.
ClickSaveChanges.
Related
Documentation
UploadingTrustedServerCACertificatesonpage752
ImplementingHostCheckerPoliciesonpage331
PatchManagementInfoMonitoringandPatchDeployment
YoucanconfigureHostCheckerpoliciesthatcheckforWindowsendpoint’soperating
systemservicepack,softwareversion,ordesktopapplicationpatchversioncompliance.
HostCheckerusesalistofthemostcurrentpatchversionsfromthevendorforpredefined
rulesintheHostCheckerpolicy.HostCheckerdoesnotscanfornon-securitypatches.
YouobtainthemostcurrentpatchversioninformationfromaJuniperNetworksstaging
site.YoucanmanuallydownloadandimportthelistintotheSASeriesSSLVPNAppliance,
oryoucanautomaticallyimportthelistfromtheJuniperNetworksstagingsiteoryour
ownstagingsiteataspecifiedinterval.
Monitoringisbasedoneitheroneormorespecifiedproductsoronspecificpatches,
thoughnotinthesamepolicy.Forexample,youcouldcheckforInternetExplorerVersion
7withonepolicy,andPatchMSOO-039:SSLCertificateValidationVulnerabilitieswith
asecondpolicy.Then,applybothpoliciestoendpointsattheroleorrealmleveltoensure
thattheuserhasthelatestbrowserversionwithaspecificpatch.Inaddition,forMicrosoft
products,youcanspecifytheseveritylevelofpatchesthatyouwishtoignore.Forexample,
youcouldignorelowormoderatethreats.
TheSASeriesSSLVPNAppliancecansendremediationinstructions(suchas.amessage
describingwhatpatchesorsoftwarearenon-compliant,andalinktowheretheendpoint
canobtainthepatch).TheSASeriesSSLVPNAppliancedoesnotautoremediateinthe
Copyright©2012,JuniperNetworks,Inc.
308
JunosPulseSecureAccessServiceAdministrationGuide
C# PDF insert text Library: insert text into PDF content in C#.net
Powerful .NET PDF edit control allows modify existing scanned PDF text. Ability to change text font, color, size and location and output a new PDF document.
best way to compress pdf file; acrobat compress pdf
VB.NET PDF insert text library: insert text into PDF content in vb
Save text font, color, size and location changes to Other robust text processing features, like delete and remove PDF text, add PDF text box and field.
change font size in pdf comment box; change file size of pdf document
eventofanon-compliantendpoint.However,youcansendtheitemstotheclientfor
manualremediationofmanagedmachines.
WhenanendpointfirstconnectstotheSASeriesSSLVPNAppliance,thelatestversions
ofthedatafilesandlibrariesoftheIMCaredownloadedtothehostcomputer.Theinitial
checktakes10-20secondstorun,dependingonthelinkspeed.Ifthefilesareoutdated,
theyareautomaticallyupdatedatsubsequentchecks.Ifthisisthefirsttimetheendpoint
hasconnectedtoanSASeriesSSLVPNAppliancewiththepatchassessmentpolicy,
andtheconnectionisaLayer2connection,theIMCrequiredtorunthePatchAssessment
checkcannotdownload.Inthiscase,youshouldconfigurearemediationrolethatdisplays
instructionstodirecttheusertoretrywithaLayer3connectionorcontactthe
administrator.
Notethatinnon-Englishinstallations,theEnglishversionoflocalpatchesisdisplayed.
AdditionalFunctionalitywithPulse2.0
WithPulse2.0,additionalfunctionalityisprovidedforPatchInfoMonitoringand
Deployment.
EndpointswithPulse2.0thatarenotincompliancewithspecifiedpatchpoliciescanbe
updatedwiththerequiredpatchesandbroughtintocomplianceautomatically.Thisis
achievedthroughanewpatchdeploymentengine.Thepatchdeploymentengineexecutes
onendpoints,downloadsspecifiedpatches,andinstallspatchesthatarerequiredthrough
theHostCheckerpolicy.Thepatchdeploymentengineprovidesanewmeansof
remediatingendpointsthatdonotmeetthepatchassessmentpoliciesdefinedonthe
SASeriesSSLVPNAppliance.ThisfunctionalityisavailableforWindowsXP,andVista
andWindows732bitand64bitversions.
TheHostCheckerIMContheendpointinterfaceswiththepatchdeploymentengineto
downloadandinstallmissingpatchesreportedbytheIMV.Whenthepatchinstallation
iscomplete,theIMCsignalstheTNCclienttostartanewhandshakewiththeSASeries
SSLVPNAppliance,andenablestheSASeriesSSLVPNAppliancetomakeaccess
controldecisionsbasedontheresultofthehandshake.
EndpointswithoutPulse2.0canstillusethelegacybasicpatchremediationmechanism,
inwhichapre-installedSMSclientistriggeredtogetpatchesfromapre-configuredSMS
server.ThismechanisminstallsonlythosepatchesthatarepublishedontheSMSserver.
IftheSMSclientisnotinstalled,ortheserverdoesn’thostthepatchesrequiredbythe
policiesonSASeriesSSLVPNAppliance,theendpointcannotbefullyremediated.
ThepatchdeploymentengineisanexecutablefilethatishostedontheSASeriesSSL
VPNAppliance.Theexecutablecanbedownloadedtoanyendpointthatyouwouldlike
toremediate.UnliketheSMSclient,onecanspecifywhatpatchesneedtobeapplied.
Thepatchdeploymentenginedirectlydownloadsmissingpatchesfromvendorwebsites,
withoutgoingthroughtheSASeriesSSLVPNAppliance.Therefore,Internetconnectivity
isneededforShavlikremediationtowork.Thepatchdeploymentenginedoesnotwork
withLayer2withoutLayer3connectivity.YoucanconfigurearemediationVLANforpost
authentication.OnceLayer3connectivityisobtained,endpointscanremediate
successfully.WithLayer3connectivity,thepatchdeploymentenginedownloadsmissing
patches.
309
Copyright©2012,JuniperNetworks,Inc.
Chapter13:HostChecker
C# PDF Convert to Word SDK: Convert PDF to Word library in C#.net
PDF document, keeps the elements (like images, tables and chats) of original PDF file and maintains the original text style (including font, size, color, links
change paper size in pdf; change font size pdf form
VB.NET PDF delete text library: delete, remove text from PDF file
Functionality to remove text format by modifying text font, size, color, etc. Other PDF edit functionalities, like add PDF text, add PDF text box and field.
pdf file size limit; batch pdf compression
Aseparatelicenseisrequiredforpatchinfomonitoringanddeploymentfunctionality.It
isnotavailableaspartoftheendpointsolution.
AllofthefilesrequiredforpatchdeploymentareapartofaESAPpackagesbeginning
withSASeriesSSLVPNAppliancesoftwareversion7.1.ThedefaultESAPpackage
shippedwithSeriesSSLVPNAppliancesoftwareversion7.1containstherequiredpatch
deploymentfiles.AnyolderESAPpackagesfailtoupdateonthesedevices.
TheIMCandIMVforpatchmonitoringisbackwardcompatible.Sincethisfeatureis
availablefromPulse2.0onward,anewPulsecommunicatingwithanolderIMV(with
Pulsesupport),oranewIMVcommunicatingtoanolderIMCexhibitthesamebehavior
astoday.Thereshouldbenochangeinthepatchassessment,andShavlik’sdeployment
engineisnotinvokedforremediation.
UserExperience
Patchremediationcantakeagooddealoftime,andpoliciescontinuetofailuntilthe
processiscompleted.Whenanupdateisrequired,theuserisgivenanoptiontoproceed
withpatchdeployment.Iftheuserdecidesnottodeploythepatch(es)andproceed,the
usermaynothaveconnectivityormayhavelimitedconnectivity,dependingontheSA
SeriesSSLVPNApplianceadministrationconfiguration.Ifanypatchesrequireareboot
subsequenttoinstallation,theapplicationinformsHostChecker,andPulsenotifiesthe
user.Inthiscase,untilthemachineisrebooted,patchescontinuetobereportedas
missinginsubsequentpatchassessments.Ifarebootisrequired,anyfurtherpatch
deploymentisnotcarriedoutuntilthemachineisrebooted.Theuserisnotifiedifareboot
isrequired.
Pulsenotifiestheuserthatpatchesneedtobeinstalled,andprovidesstatusasthe
downloadisoccurring.Whentheinstallationiscomplete,theclientpresentsthelogin
dialogue.
UsingaSystemManagementServer
YoucanuseaSystemManagementServer(SMS)toprovideamethodforautomatic
updatestonon-compliantsoftware.
Pulse2.0cansupporteithertheSMSdownloadmethodorthepatchdeploymentengine
forpatchdeployment,dependingontheconfigurationontheSASeriesSSLVPN
Appliance.IftheSASeriesSSLVPNApplianceisconfiguredfortheSMSmethodfor
patchdeployment,theclientmachineshouldhavetheSMSclientalreadyinstalledin
themachinefordeploymenttobegin,otherwiseremediationfails.
EndpointsconfiguredwithSMSforsoftwaremanagementtypicallypolltheserverfor
updateseveryfifteenminutesorlonger.Inaworst-casescenario,clientsthatarenotin
compliancewithexistingHostCheckersoftwarerequirementsmighthavetowaituntil
thenextupdateintervaltologin.
UsingtheSMSdownloadmethod,youcanforcetheclienttoinitiatethesoftwareupdate
immediatelyafterthepatchassessmentcheck.
Ifauserattemptstologin,andtheendpointdoesnothavearequiredsoftwareversion
forcompliancewithaHostCheckerpatchassessmentpolicy,HostCheckerimmediately
Copyright©2012,JuniperNetworks,Inc.
310
JunosPulseSecureAccessServiceAdministrationGuide
notifiestheclienttopolltheserverforanimmediateupdate.Theclientreceives
notificationthatanSMSupdatehasstarted.
ToconfigureSMStoupdatetheclientwhennotified,settheadvertisementtimeonthe
SMStoAssoonaspossible.Thefollowingprocessthenoccurs:
TheSASeriesSSLVPNAppliancepatchassessmentpolicyspecifiestherequired
software.
Whenanendpointattemptstoauthenticate,HostCheckerevaluatestheclientand
sendstheresultsbacktotheSASeriesSSLVPNAppliance.
TheSASeriesSSLVPNApplianceevaluatestheresultsandsendsreasonstringsand
remediationinformationtotheclient,includingamessagethatdirectstheclientto
polltheserverforsoftwareadvertisementsimmediately.
TheSMSclientqueriestheSMSserverforsoftwareadvertisements.
Theserveridentifieswhatpatchesshouldbeadvertisedtotheclient(thisisconfigured
ontheserver,HostCheckerdoesnotinteractwiththeserver).
TheSMSclientreceivestheadvertisementandappliestherequiredpatch(es).
Youassignclientstoaparticulargrouporcollectionontheserver.ThentheSMSserver
canadvertisepatchesforthatcollection.YoucanconfigurerolesontheSASeriesSSL
VPNAppliancethatcorrespondtocollections,andSMScansendtheappropriatepatches
foraparticularrole.
YoumusthavetheSMSclientinstalledandconfiguredcorrectlyonendpoints,andthe
SMSservermustbereachable.InaLayer2network,HostCheckerisperformedbefore
theendpointisconnectedtothenetwork.HostCheckercanobtaintheIPaddressofthe
SMSserverconfiguredfortheclient.Iftheendpointisoutofcomplianceandremediation
isnecessary,HostCheckerpingstheserverIPaddressevery15secondsuntiltheserver
canbenotifiedtoupdatetheclient.
Itisimportantasanadministratortoinformusersoftheexpectedbehaviorifthisfeature
isenabled,asthereisnonotificationtotheuseruntiltheSMSsendsbackthe
advertisement.
JuniperNetworksrecommendsonlyonepatchdeploymentontheendpointatanypoint
intime.However,thereisnowaytodetermineifanSMSupdateisinprogress,andsoit
maybepossiblethatthepatchdeploymentengineisstartedwhileaSMSUpdateisalso
occurring(thiscouldhappenifPulseisconnectedtotwoICSeriesorSASeriesSSLVPN
ApplianceswithoneusingSMSremediationandtheotherusingthepatchdeployment
engine).Giventhefactthatmostpatcheswillnotallowtwoinstancestoberunning,one
oftheremediationsfail,dependingonwhichbeganfirst.
TheAdminConsoleallowsyoutoselectonlyoneoftheremediationoptions(eitherSMS
orpatchdeploymentengine)forallthepolicies.
IfPulseisconnectedtomorethanoneICSeriesorSASeriesSSLVPNAppliance,and
onerequirespatchdeploymentengineremediationandtheotherrequiresSMS
remediation,bothrequestsaremet.Ifbothrequirethepatchdeploymentenginemethod,
therequestsarequeued.
311
Copyright©2012,JuniperNetworks,Inc.
Chapter13:HostChecker
SpecifyingCustomizedRequirementsUsingCustomRules
InadditiontothepredefinedpoliciesandrulesthatcomewithSecureAccess,youcan
createcustomruleswithinaHostCheckerpolicytodefinerequirementsthatyourusers’
computersmustmeet.Usingcustomrules,youcan:
Configureremoteintegritymeasurementverifiers(IMVs)toperformcustomized
client-sidechecks.
ConfigureHostCheckertocheckforcustomDLLsthatperformcustomizedclient-side
checks.
Verifythatcertainportsareopenorclosedontheuser’scomputer.
Confirmthatcertainprocessesareorarenotrunningontheuser’scomputer.
Checkthatcertainfilesareorarenotpresentontheclientmachine.
EvaluatetheageandcontentofrequiredfilesthroughMD5checksums.
Confirmthatregistrykeysaresetontheclientmachine.
ConfirmtheNETBIOSnameoftheclientmachine.
ConfirmtheMACaddressesoftheclientmachine.
Checkthevalidityofthemachinecertificatethatisinstalledontheuser'scomputer.
NOTE: Youcanonlycheckforregistrykeys,third-partyDLLs,NETBIOSnames,
MACaddresses,andmachinecertificatesonWindowscomputers.
Tocreateaclient-sideHostCheckerpolicy:
1.
Intheadminconsole,selectAuthentication>EndpointSecurity>HostChecker.
2.
CreateanewpolicyorclickanexistingpolicyinthePoliciessectionofthepage.
3.
Clickthetabthatcorrespondstotheoperatingsystemforwhichyouwanttospecify
HostCheckeroptions—Windows,Mac,LinuxorSolaris.Inthesamepolicy,youcan
specifydifferentHostCheckerrequirementsoneachoperatingsystem.Forexample,
youcancreateonepolicythatchecksfordifferentfilesorprocessesoneachoperating
system.
NOTE: Youmustexplicitlycreatepoliciesforeachoperatingsystemyou
wanttoallow.Forexample,ifyoucreateaWindowsHostCheckerpolicy,
butdon'tcreateoneforMacorLinux,userswhosignintoSecureAccess
fromaMacorLinuxmachinewillnotcomplywiththeHostCheckerpolicy
andthereforewillnotbeabletoaccesstherealm,role,orresourceon
whichyouenforceHostChecker.
4.
UnderRuleSettings,choosetheoptionsinthefollowingsectionsandclickAdd.The
AddCustomRulepagefortheruletypeappears.
Copyright©2012,JuniperNetworks,Inc.
312
JunosPulseSecureAccessServiceAdministrationGuide
Custom:RemoteIMV—Usethisruletypetoconfigureintegritymeasurement
softwarethataclientmustruntoverifyaparticularaspectoftheclient’sintegrity,
suchastheclient’soperatingsystem,patchlevel,orvirusprotection.
3rdPartyNHCCheck(Windowsonly)—Usethisruletypetospecifythelocation
ofacustomDLL.HostCheckercallstheDLLtoperformcustomizedclient-side
checks.IftheDLLreturnsasuccessvaluetoHostChecker,thenSecureAccess
considerstherulemet.Inthe3rdPartyNHCCheckconfigurationpage:
a.
Enteranameandvendorforthe3rdPartyNHCCheckrule
b.
EnterthelocationoftheDLLonclientmachines(pathandfilename).
c.
ClickSaveChanges.
The3rdPartyNHCCheckfeatureisprimarilyprovidedforbackwards
compatibility.WerecommendthatyouuseIMCsandIMVsinstead
Ports—Usethisruletypetocontrolthenetworkconnectionsthataclientcan
generateduringasession.Thisruletypeensuresthatcertainportsareopenor
closedontheclientmachinebeforetheusercanaccessSecureAccess.InthePorts
configurationpage:
a.
Enteranamefortheportrule.
b.
Enteracommadelimitedlist(withoutspaces)ofportsorportranges,suchas:
1234,11000-11999,1235.
c.
SelectRequiredtorequirethattheseportsareopenontheclientmachineor
Denytorequirethattheyareclosed.
d.
UnderOptional,selectMonitorthisruleforchangeinresulttocontinuously
monitorthepolicycomplianceofendpoints.Ifthischeckboxisselected,anda
changeincompliancestatusonanendpointthathassuccessfullyloggedin
occurs,SecureAccessinitiatesanewhandshaketore-evaluaterealmorrole
assignments.
e.
ClickSaveChanges.
Process—Usethisruletypetocontrolthesoftwarethataclientmayrunduringa
session.Thisruletypeensuresthatcertainprocessesarerunningornotrunningon
theclientmachinebeforetheusercanaccessresourcesprotectedbySecureAccess.
IntheProcessesconfigurationpage:
a.
Enteranamefortheprocessrule.
b.
Enterthenameofaprocess(executablefile),suchas:good-app.exe.
NOTE: ForLinux,MacintoshandSolarissystems,theprocessthat
isbeingdetectedmustbestartedusinganabsolutepath.
Youcanuseawildcardcharactertospecifytheprocessname.
313
Copyright©2012,JuniperNetworks,Inc.
Chapter13:HostChecker
Forexample:good*.exe
c.
SelectRequiredtorequirethatthisprocessisrunningorDenytorequirethat
thisprocessisnotrunning.
d.
SpecifytheMD5checksumvalueofeachexecutablefiletowhichyouwantthe
policytoapply(optional).Forexample,anexecutablemayhavedifferentMD5
checksumvaluesonadesktop,laptop,ordifferentoperatingsystems.Ona
systemwithOpenSSLinstalled—manyMacintosh,LinuxandSolarissystems
haveOpenSSLinstalledbydefault—youcandeterminetheMD5checksumby
usingthiscommand:opensslmd5<processFilePath>
e.
ClickSaveChanges.
File—Usethisruletypetoensurethatcertainfilesarepresentornotpresentonthe
clientmachinebeforetheusercanaccessSecureAccess.Youmayalsousefile
checkstoevaluatetheageandcontent(throughMD5checksums)ofrequiredfiles
andallowordenyaccessaccordingly.IntheFilesconfigurationpage:
a.
Enteranameforthefilerule.
b.
Enterthenameofafile(anyfiletype),suchas:c:\temp\bad-file.txtor
/temp/bad-file.txt.
Youcanuseawildcardcharactertospecifythefilename.Forexample:
*.txt
Youcanalsouseanenvironmentvariabletospecifythedirectorypathtothe
file.(Youcannotuseawildcardcharacterinthedirectorypath.)Enclosethe
variablebetweenthe<%and%>characters.Forexample:
<%windir%>\bad-file.txt
c.
SelectRequiredtorequirethatthisfileispresentontheclientmachineorDeny
torequirethatthisfileisnotpresent.
d.
Specifytheminimumversionofthefile(optional).Forexample,ifyourequire
notepad.exetobepresentontheclient,youcanenter5.0inthefield.Host
Checkeracceptsversion5.0andabove,ofnotepad.exe.
e.
Specifythemaximumage(Filemodifiedlessthanndays)(indays)forafile
(optional).Ifthefileisolderthanthespecifiednumberofdays,thentheclient
doesnotmeettheattributecheckrequirement.
NOTE: Youcanusethemaximumageoptiontochecktheageof
virussignatures.MakesureyouspecifythepathtoafileintheFile
Namefieldwhosetimestampindicateswhenvirussignatureswere
lastupdated,suchasavirussignaturedatabaseorlogfilethat
updateseachtimethedatabaseupdates.Forexample,ifyouuse
TrendMicro,youmayspecify:
C:\ProgramFiles\TrendMicro\OfficeScanClient\TmUpdate.ini.
Copyright©2012,JuniperNetworks,Inc.
314
JunosPulseSecureAccessServiceAdministrationGuide
Documents you may be interested
Documents you may be interested