Use policy to control Edge SWG (ProxySG) administrator access

Article ID: 167092

Products

Advanced Secure Gateway Software - ASG
ProxySG Software - SGOS

Issue/Introduction

To control administrator access to the Edge SWG (ProxySG) Management Console and CLI, you can create policy that configures administrator access privileges.

Using policy rules, you can require administrators to identify themselves by entering a username and password and specify whether read-only or read-write access is given. You can make this policy contingent on IP address, user name, group membership (if credentials were required), and many other conditions.

This solution assumes you have already configured users and groups for authentication (using RADIUS, LDAP, Microsoft Active Directory, or other authentication servers) and created a realm on the Edge SWG (ProxySG) to connect to these servers.

These high-level steps provide instructions on creating policy in the Visual Policy Manager (VPM). For a basic introduction to creating policy, see the admin guide:

SGOS Administration Guide (7.3.x)
 

Resolution

To create policy for Edge SWG (ProxySG) administrator access:

  1. Launch the Visual Policy Manager.
  2. Create an Admin Authentication layer (Policy > Add Admin Authentication Layer).
  3. In the Admin Authentication layer, specify the authentication realm that will be used to authenticate administrative users of the Edge SWG (ProxySG):
    • Right-click in the Action column and choose Set.
    • Select New > Authenticate.
    • Select the authentication mode and realm. (See ProxySG Authentication Modes.)
    • Close the dialogs.
       
  4. Create an Admin Access layer (Policy > Add Admin Access Layer).
  5. In the Admin Access layer, define who is allowed to access the Edge SWG (ProxySG):
    • Right-click in the Source column and choose Set.
    • Select New.
    • Select the entity (for example, Client IP address/subnet, User, Group) and configure the specifics.
    • Close the dialogs.
  6. Specify the type of administrator read/write access:
    • Right-click the Action column and select Allow Read-only Access or Allow Read/Write Access.
  7. By default, the policy applies to any service (HTTP/HTTPS in the Management Console and SSH in the CLI). If you want to control access to just the Management Console or just the CLI:
    • Right-click in the Service column and choose Set.
    • Select New > Service Name.
    • Select the service you want the rule to apply to (HTTP-Console, HTTPS-Console, or SSH-Console).
    • Close the dialogs.
  8. Install the policy.
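
Before installing, it helps to review the Admin Access rules you built in steps 5 to 7 for grants that are broader than intended. The following is an added example, not Broadcom code and not part of the original article: a small Python model of the Source, Service, and Action columns that reports the access a given administrator would receive and flags risky rules. The names `AdminRule`, `effective_access`, and `audit` are hypothetical, the rule list is transcribed by hand rather than parsed from the appliance, and top-down first-match evaluation with no access on no match is an assumption of this model.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Services named in step 7; a rule with no Service set applies to all of them.
CONSOLE_SERVICES = ("HTTP-Console", "HTTPS-Console", "SSH-Console")

@dataclass
class AdminRule:
    action: str                     # "read-only" or "read-write" (step 6)
    subnet: Optional[str] = None    # Source: client IP address/subnet (step 5)
    group: Optional[str] = None     # Source: group from the realm (step 5)
    service: Optional[str] = None   # Service column (step 7); None = any

    def services(self):
        return (self.service,) if self.service else CONSOLE_SERVICES

    def matches(self, ip, groups, service):
        if service not in self.services():
            return False
        if self.subnet and ipaddress.ip_address(ip) not in ipaddress.ip_network(self.subnet):
            return False
        if self.group and self.group not in groups:
            return False
        return True

def effective_access(rules, ip, groups, service):
    """First matching rule decides (assumed model); no match means no access."""
    for rule in rules:
        if rule.matches(ip, groups, service):
            return rule.action
    return "none"

def audit(rules):
    """Return (rule_number, finding) pairs for rules worth a second look."""
    findings = []
    for i, r in enumerate(rules, 1):
        if r.action == "read-write" and not (r.subnet or r.group):
            findings.append((i, "read-write with no Source restriction"))
        if r.action == "read-write" and "HTTP-Console" in r.services():
            findings.append((i, "read-write reachable over cleartext HTTP-Console"))
    return findings

# Constructed sample layer, not taken from any real appliance.
SAMPLE = [
    AdminRule("read-write", subnet="10.10.0.0/24", group="netsec-admins", service="HTTPS-Console"),
    AdminRule("read-write", subnet="10.10.0.0/24", group="netsec-admins", service="SSH-Console"),
    AdminRule("read-only", group="helpdesk"),
    AdminRule("read-write"),
]
```

In the constructed sample, rule 4 is the kind of leftover catch-all the audit is meant to surface: it grants read/write access from any source over every console service.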