/
Add device definition for client firewall in Digital Access

Nexus Documentation

Add device definition for client firewall in Digital Access

Dec 18, 2023

This article describes how to add a device definition for client firewall in Smart ID Digital Access component.

Client firewalls can be used to specify rules based on the path or checksum of the process that is trying to connect to the Internet. To make this possible, you must first add a device definition that specifies the values of the path, and/or checksum of the process. There are two variables that can be used in device definitions that is used by client firewalls. These are:

  • clientfirewall-path

  • clientfirewall-checksum

Only device definitions containing these variables can be used in the client firewall rules.

 

-

Step-by-step instruction

To add Internet Explorer as a device definition allowing users to access it from their device, add a device definition with these settings:

  1. In Digital Access Admin, go to Manage Systems.

  2. Click Device Definitions.

  3. Click Add Device Definition... and enter Display Name and Definition.

    %ProgramFiles% is an environment variable that will be parsed on the access client so that the device definition will be valid on all clients whatever language the operating system has.

To define a device based on the checksum, use a hexadecimal representation of the MD5 checksum.

  1. In Digital Access Admin, go to Manage Systems.

  2. Click Device Definitions.

  3. Click Add Device Definition... and enter Display Name and Definition.

    When using clientfirewall-checksum, the device will only be valid for a specific version of Internet Explorer.

You can combine both checksum and path using AND/OR between expressions. For example, you may specify a list of valid checksums, using the pipe character | (OR ).

  1. In Digital Access Admin, go to Manage Systems.

  2. Click Device Definitions.

  3. Click Add Device Definition... and enter Display Name and Definition.

    Note that all entries between the | (OR ) operator must be on the same line.

The device definitions made for client firewalls can also be used in access rules for tunnel resources.

Related information