
Add device definition for client firewall in Digital Access

This article describes how to add a device definition for client firewall in the Smart ID Digital Access component. Client firewalls can be used to specify rules based on the path or checksum of the process that is trying to connect to the Internet. To make this possible, you must first add a device definition that specifies the path and/or the checksum of the process. Two variables can be used in device definitions for client firewalls:

  • clientfirewall-path
  • clientfirewall-checksum

Only device definitions containing these variables can be used in the client firewall rules.


 Prerequisites

-

Step-by-step instruction

 Add device definition - Internet Explorer

To add Internet Explorer as a device definition allowing users to access it from their device, add a device definition with these settings:

  1. In Digital Access Admin, go to Manage Systems.
  2. Click Device Definitions.
  3. Click Add Device Definition... and enter Display Name and Definition.

    Example

    Display Name: Internet Explorer Process
    Definition: clientfirewall-path=%ProgramFiles%\Internet Explorer\iexplore.exe

    %ProgramFiles% is an environment variable that is parsed on the access client, so the device definition is valid on all clients regardless of the language of the operating system.

 Add device definition based on MD5 checksum

To define a device based on the checksum, use a hexadecimal representation of the MD5 checksum.

  1. In Digital Access Admin, go to Manage Systems.
  2. Click Device Definitions.
  3. Click Add Device Definition... and enter Display Name and Definition.

    Example

    Display Name: Internet Explorer Process
    Definition: clientfirewall-checksum=e7484514c0464642be7b4dc2689354c8

    When using clientfirewall-checksum, the device will only be valid for a specific version of Internet Explorer.

 Add device definition combining checksum and path

You can combine both checksum and path using AND/OR between expressions. For example, you may specify a list of valid checksums, using the pipe character | (OR).

  1. In Digital Access Admin, go to Manage Systems.
  2. Click Device Definitions.
  3. Click Add Device Definition... and enter Display Name and Definition.

    Example

    Display Name: Internet Explorer Process
    Definition: clientfirewall-checksum=<checksum1> | clientfirewall-checksum=<checksum2> | …

    Note that all entries between the | (OR) operator must be on the same line.
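The following is an added example, not part of the original article or of Nexus's own tooling: it computes the hexadecimal MD5 checksum of each approved build of an executable and joins the results into one single-line, OR-separated Definition value, as described in the two checksum sections above. The function names and the sample files are constructed for illustration, and normalizing the checksum to lowercase is an assumption based on the example on this page.

```python
import hashlib
import os
import re
import tempfile

MD5_HEX = re.compile(r"[0-9a-f]{32}")


def md5_hex(path, chunk_size=1 << 20):
    """Return the hexadecimal MD5 checksum of a file, read in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def checksum_definition(checksums):
    """Join checksums into one single-line, OR-separated definition."""
    unique = []
    for value in checksums:
        value = value.strip().lower()  # assumption: lowercase, as in the page's example
        if not MD5_HEX.fullmatch(value):
            raise ValueError(f"not a 32-digit hexadecimal MD5 checksum: {value!r}")
        if value not in unique:  # identical builds need only one entry
            unique.append(value)
    if not unique:
        raise ValueError("at least one checksum is required")
    # All OR entries must sit on the same line, so join with " | " only.
    return " | ".join(f"clientfirewall-checksum={c}" for c in unique)


def definition_for_files(paths):
    """Hash every approved build of an executable and build the definition."""
    return checksum_definition(md5_hex(p) for p in paths)


if __name__ == "__main__":
    # Constructed stand-ins for two versions of the same executable.
    with tempfile.TemporaryDirectory() as tmp:
        builds = []
        for name, content in (("v1.exe", b"constructed build 1"),
                              ("v2.exe", b"constructed build 2")):
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(content)
            builds.append(path)
        print(definition_for_files(builds))
```

The printed line can be pasted into the Definition field; because each checksum matches only one specific version, the list has to be regenerated whenever the executable is updated.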

The device definitions made for client firewalls can also be used in access rules for tunnel resources.

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.