Jump to content

its possible to use diff. Policies, depending on the Network

tesla

By tesla
in ESET Endpoint Products

 Share

Recommended Posts

tesla

tesla 0

Posted
Posted

Hi all,

its possible to configure policies, that they switch settings, depending on the which the endpoint is in ?

 

Example:

a Notebook is in the lokal LAN, with connection to the On-Prem ESET PROTECT Server -> Firewall is off

the same Notebook is in a private LAN Network @ home, so no connection to the local On-Prem ESET Protect Server -> Firewall turns on

 

Greeting from Germany

  • Administrators
Marcos

Marcos 5,730

Posted
  • Administrators
Posted

You can create dynamic groups for particular networks and assign specific policies to them:

image.png

tesla

tesla 0

Posted
  • Author
Posted

Hi, thanks for the fast respont.

 

I know the dyn. Groups, but lets say the Notebook is in the lokal Business Network and has connection to the On-Prem Protect Server, i can create a dyn. Group, wich the notebook joins when the network adapter has a IP Adresse from a configurated Subnet, so far so good.

But if i take the same Notebook after my shift to my home and plugg it in my Homenetwork, then it cant be swapt out off the dyn. groupe for a policie change or ? Bc i have no connection to the On Prem. Server.

 

The idea is:

we have a couple of Notebooks here, a big network with 1XXX Endpoints, X0 Networks/Subnets, 1 On-Prem Protect Server.

As long the Notebook is the company Network, the Firewall is offline (we use medical Equipment and so on), but if the employee take the Notebook on a Business Trip (Airport as example) or for Homeoffice, the Firewall should be turned on (then they use only RDP on any off the Terminal Servers).

 

its thats even possible ?

  • Administrators
Marcos

Marcos 5,730

Posted
  • Administrators
Posted

It would work even when roaming with the notebook because polices as well as a list of dynamic groups and the appropriate DG expressions are received by agent when connecting to the ESET PROTECT server and therefore DG work even offline when a connection to the ESET PROTECT server isn't available. The membership in DG is evaluated on clients by the managing agent.

tesla

tesla 0

Posted
  • Author
Posted

okay , i will try.

 

Thank you :) 

tesla

tesla 0

Posted
  • Author
Posted

Hi, me again.

The policie and the evaluation works, thanks again.

But i have a question, it is possible for a DG Group Template to have a Expression with a value "connected to a ESET Protect Server yes/no" or im totally blind today :)

 

Greetings

Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...