Example: Denying access to client machines without Anti-Virus

An Administrator can define access policy in TAC for certain criteria of end user's system and allow or deny access to the site based on the policy evaluation,

In this example we will create access policy to allow access if the end user's system has valid Anti-Virus system installed and is up to date.

  1. Go to Access Policy console in TAC
  2. In the Rule Designer, on the left pane, select User Defined and click on  to create a new policy.
  3. Enter policy name.Click OK.
  4. In the right pane, click on  to create rules.
  5. In the rule settings section, enter rule name.
  6. Click on  to enter rule conditions. this will open condition wizard.
  7. In the step 1, select Anti Virus from Objects > Device.
  8. Click next.
  9. In the step 2, select "IsPresent" as the object's property. click next.
  10. In the step 3, select the condition "Equals". click next.
  11. In the step 4. select the value "yes".
  12. Click on  to complete the condition. you will see your condition in the "IF" section of the Rule Window.Next, select the required permissions if the condition(s) in the rule met.
  13. In the "THEN" section, select the permission "Allow".You may select Deny in the ELSE section with a message or left it blank will explicitly deny if any of the conditions or rules in the list not matched. Since we have single condition and rule at the moment, left blank of the ELSE section will deny any access that does not meet the rule evaluation.  
  14. Click on  in the rule designer to complete the rule.
  15. created rule will display in the policy window. click on it to see the rule details. 
    Summery of the created rule is - " IF {AntiVirus is present (equal=yes)} THEN allow access; otherwise explicit Deny will take effect due to non condition match and end of rule evaluation".
    Administrator may combine multiple conditions in single rule using "AND /OR " operators or you may create many rules to make the evaluation more accurate.
    • To add multiple conditions, in the policy window select the rule and click .
    • In the Rule window click on  to add additional conditions. 
    • Repeat step 6 to step 12 .
    • In below example, there are 2 additional conditions defined to evaluate in combined with "AND" operator. It evaluates whether anti-virus tool is present, active and up to date updated on a system before it provides access to TAC site.  
    • Click on  to complete the rule editing.
  16. Click on  in the policy window to complete the policy.
  17. Click on  in the Solution toolbar to save the rule.
  18. Close Access Policy console.

Next, administrator needs to assign the policy to the TAC Site.