다음을 통해 공유


Display end-point detection variables on the client-side

When you connect an IAG portal, a client-side component will inspect your workstation and will take a “technical picture” of your machine.

This “picture” will contain by default more than 200 checks and can be extended quickly to cope with your own security constraints.

Once this analysis is finished, IAG will constantly use this useful information to check if your machine is compliant with the security policy of an application (granularity is “per application” with IAG compared with NAP(networ layer) approach which is pretty binary, your IN or OUT the network), or even a sub function in an application such as upload, download, restricted zones.

By default, as a user, you cannot see the result of this analysis (for debug purpose). Only the administrator can do that with server-side tools (web monitor).

If the admin want to propose such feature, here is the procedure.

1. On IAG server, copy the sample file ShowResults.asp to InternalSite/ShowResults.asp. By default it works, but you can also customize this file to display more information, or with a better look a feel.

2. Because you introduce a new file in the “internal site” application, you need to explicitly tell IAG’s firewall that it is not a security problem. To do so, on IAG machine, in the Configuration program, add the following rule to internalsite ruleset:
Name: InternalSite_RuleXX
Action: Accept
URL: /internalsite/showresults\.asp
Parameters: Reject
Methods: GET

3. Activate the configuration in IAG console.
Press "Activate" to activate the configuration.

Now the server is ready.

Back to the workstation, as a use you just need to specify the path to reach that showresult.asp page.

For an HTTPS portal named "portal", surf https://www.portal.com/internalsite/showresults.asp

For an HTTP portal named "portal", surf to
https://www.portal.com/internalsite/showresults.asp