Jump to content
ronko

Out of office policy [In progress]

Recommended Posts

Hi,

I have 2 policy -

 

Active - Device control set to block WiFi.

Out of office - Device control set to allow WiFi.

 

Problem - when laptop is connected with VPN , laptop communicate with KSC so policy automatically set to "Active" and blocking WiFi.

 

I Want to allow VPN to use WiFi. - what are my options to do so? ( I want VPN laptops to communicate with KSC once connected)

 

Thanks

 

 

 

Share this post


Link to post
Hi,

I have 2 policy -

 

Active - Device control set to block WiFi.

Out of office - Device control set to allow WiFi.

 

Problem - when laptop is connected with VPN , laptop communicate with KSC so policy automatically set to "Active" and blocking WiFi.

 

I Want to allow VPN to use WiFi. - what are my options to do so? ( I want VPN laptops to communicate with KSC once connected)

 

Thanks

Hi,

 

You can use policy profiles without out-of-office policy configured as, if you outside office and have another ip different from an internal network subnets you use policy profile.

 

Thank you!

Share this post


Link to post

OK.

Can you please expand on this? What is the procedure?

 

If my company has the range of 10.10.10.0/24 and also mostly other network in the world (like home/public wifi/ etc) ?

 

 

Thanks

 

Share this post


Link to post
OK.

Can you please expand on this? What is the procedure?

 

If my company has the range of 10.10.10.0/24 and also mostly other network in the world (like home/public wifi/ etc) ?

Thanks

 

I suppose that your local network has a range of addresses and VPN clients obtain addresses from the special pool.

Thank you.

Share this post


Link to post

yes, the poll of VPN is 192.168.0.0/24 - So How can I choose this pool to get 3rd policy (not in office and not out of office)

 

Share this post


Link to post
yes, the poll of VPN is 192.168.0.0/24 - So How can I choose this pool to get 3rd policy (not in office and not out of office)

 

Hello.

 

You can use a policy profile (provided you are using KES SP1 or newer).

In the policy, you can find a "Policy profiles" section where you can set up the profile itself and how it is going to get activated.

Please note that you will be prompted to select from Administration server connection rules, which can be set up in a Network Agent policy. Create a connection rule with a "Subnet" condition (where you specify the VPN poll), activate it, then in Activation rules of a KES policy profile select that rule.

 

Thank you.

Share this post


Link to post

Another options is to use the BIOS of the laptop to handle this. Most laptops now days have an option in BIOS to disable Wifi when a network cable is plugged in. This is how we have our laptops setup.

Share this post


Link to post
Hello.

 

You can use a policy profile (provided you are using KES SP1 or newer).

In the policy, you can find a "Policy profiles" section where you can set up the profile itself and how it is going to get activated.

Please note that you will be prompted to select from Administration server connection rules, which can be set up in a Network Agent policy. Create a connection rule with a "Subnet" condition (where you specify the VPN poll), activate it, then in Activation rules of a KES policy profile select that rule.

 

Thank you.

 

Hi Kiril,

Thank you for the comment, this is very interesting, because policy profile rule can be activated on any condition set for example : "Is external network" set to YES or NO, but how KES10 know that this is an external network?

 

Its an external network if the laptop is not communicating with KSC. However most customers want VPN connection to communicate with KSC so in that case Policy profile will not be activated since its an internal network - and then the laptop get blocked by WiFi.

 

Activation Rule is not working also since we have only 1 server.

 

Should we be using "switch to out of office policy " in that case?

Edited by ronko

Share this post


Link to post

Hi,

 

but how KES10 know that this is an external network?

It`s checking host`s network settings and could figure is it domestic network or not.

 

Should we be using "switch to out of office policy " in that case?

In that case some pre-set parameter will be activated and used to protect the host.

However, the host will remain disconnected.

 

Thank you!

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.