This article describes how to add a device definition for client firewall in Smart ID Digital Access component.Client firewalls can be used to specify rules based on the path or checksum of the process that is trying to connect to the Internet. To make this possible, you must first add a device definition that specifies the values of the path, and/or checksum of the process. There are two variables that can be used in device definitions that is used by client firewalls. These are:- clientfirewall-path
- clientfirewall-checksum
Only device definitions containing these variables can be used in the client firewall rules.
Step-by-step instruction
 Add device definition - Internet Explorer
To add Internet Explorer as a device definition allowing users to access it from their device, add a device definition with these settings:
- In Digital Access Admin, go to Manage Systems.
- Click Device Definitions.
Click Add Device Definition... and enter Display Name and Definition.
Display Name: Internet Explorer Process
Definition: clientfirewall-path=%ProgramFiles%\Internet Explorer\iexplore.exe
%ProgramFiles%Â is an environment variable that will be parsed on the access client so that the device definition will be valid on all clients whatever language the operating system has.
 Add device definition based on MD5 checksum
To define a device based on the checksum, use a hexadecimal representation of the MD5 checksum.
- In Digital Access Admin, go to Manage Systems.
- Click Device Definitions.
Click Add Device Definition... and enter Display Name and Definition.
Display Name: Internet Explorer Process
Definition: clientfirewall-checksum=e7484514c0464642be7b4dc2689354c8
When using clientfirewall-checksum, the device will only be valid for a specific version of Internet Explorer.
 Add device definition combining checksum and path
You can combine both checksum and path using AND/OR between expressions. For example, you may specify a list of valid checksums, using the pipe character | (OR ).
- In Digital Access Admin, go to Manage Systems.
- Click Device Definitions.
Click Add Device Definition... and enter Display Name and Definition.
Display Name: Internet Explorer Process
Definition: clientfirewall-checksum=<checksum1> | clientfirewall-checksum=<checksum2> | …
Note that all entries between the | (OR ) operator must be on the same line.
The device definitions made for client firewalls can also be used in access rules for tunnel resources.