Chapter 24 Web Authentication
UAG CLI Reference Guide
145
24.2.2 web-auth policy Sub-commands
The following table describes the sub-commands for several web-auth policy commands. Note that
not all rule commands use all the sub-commands listed here.
Table 81 web-auth policy Sub-commands
COMMAND DESCRIPTION
[no] activate Activates the specified condition. The no command deactivates the
specified condition.
[no] authentication {force |
required}
Selects the authentication requirement for users when their traffic matches
this policy. The no command means user authentication is not required.
force: Users need to be authenticated and the UAG automatically display
the login screen when users who have not logged in yet try to send HTTP
traffic.
required: Users need to be authenticated. They must manually go to the
login screen. The UAG will not redirect them to the login screen.
[no] description description Sets the description for the specified condition. The no command clears the
description.
description: You can use alphanumeric and
()+/:=?!*#@$_%-
characters, and it can be up to 60 printable ASCII characters long.
[no] destination {address_object |
group_name}
Sets the destination criteria for the specified condition. The
no command
removes the destination criteria, making the condition effective for all
destinations.
[no] eps <1..8> eps_object_name Associates the specified End Point Security (EPS) object with the specified
condition. The UAG checks authenticated users’ computers against the
condition’s endpoint security objects in the order of 1 to 8. You have to
configure order 1 and then the others if any. The no command removes the
specified EPS object’s association with the condition.
To apply EPS for this condition, you have to also make sure you enable EPS
and set authentication to either required or force for this condition.
[no] eps activate Enables EPS for the specified condition. The no command means to disable
EPS for the condition.
[no] eps periodical-check
<1..1440>
Sets a number of minutes the UAG has to repeat the endpoint security
check. The
no command means that the UAG only perform the endpoint
security check when users log in to the UAG.
[no] force Forces users to log in to the UAG if the specified condition is satisfied. The
no command means that users do not log in to the UAG.
interface interface_name Sets an interface on which packets for the policy must be received.
[no] schedule schedule_name Sets the time criteria for the specified condition. The no command removes
the time criteria, making the condition effective all the time.
[no] source {address_object |
group_name}
Sets the source criteria for the specified condition. The no command
removes the source criteria, making the condition effective for all sources.
eps insert <1..8> eps_object_name Inserts the specified EPS object for the condition. The number determines
the order that this EPS rule is executed in the condition.
eps move <1..8> to <1..8> Changes an endpoint object’s position in the execution order of the
condition.
show Displays information about the specified condition.
To Next Page
Loading...
