Remote Console Conditional Policy
Basic Screen Layout
The conditional policy screen is composed as follows.
- Conditional Policy Tab: A tab where conditional policies can be applied to registered servers
- Priority: Display policy priorities (the smaller the number, the higher the priority)
- Add Policy: Top left**[Add Policy]**Create a new policy with a button
- Search: Policy name, members, target server, usage status, and various other conditions can be searched.
Policy Search
You can search for policies based on various criteria, including policy name, members, target servers, conditions, enforcement policies, and usage status.
| Filter | Search Method | Description |
|---|---|---|
| Policy Name | Inclusive Search | Search for policy names that include keywords |
| Members | Inclusive Search + Dropdown Selection | User (Name·Email), Group, Department Search, Assignment/Exception Classification Selection, Multiple Selection Available |
| Target | Dropdown Selection | Search by registered server name or IP information, multiple selections allowed |
| Usage | Dropdown selection | Use / Not Use Selection |
| Condition | Inclusive Search + Dropdown Selection | Search by location (IP), time, and device conditions, multiple selections possible |
| Execution Policy | Dropdown selection | Access Allow/Deny, Isolation Security Policy (Allow All/Restricted Use), Additional Authentication Method Selection, Multiple Selections Possible |
Member Search Details
When you enter a name or email in the search box, results are displayed in real-time in a dropdown. You can select the Assignments / Exceptions tab to distinguish between cases that are assigned to a policy and those that have been handled as exceptions. All members are fixed at the bottom of the dropdown and will only be included in the search results if selected directly.
Detailed Condition Search
- Location: Search by entering an unrestricted location name or a registered location name. The results will be displayed in the format of location name | IP range.
- Time: Search by entering an unlimited time or a registered time name. The results are displayed in the format of time name | time range.
- Device: Choose from all devices, Desktop, Tablet, Mobile.
Detailed Search of Execution Policies
- Access Policy: Select Allow Access / Block Access
- Isolation Security Policy: Allow All / Select Limited Use
- Additional authentication methods: None / Email verification / OTP verification (applies only to access permission policies)
Search Condition Combination Rules
- Between filters (AND condition): If you set multiple different filters, only the policies that satisfy all conditions simultaneously will be displayed.
- Within Filter (OR Condition): If multiple items are selected within the same filter, any policy that matches at least one will be displayed.
Each set condition is displayed in tag form, and individual conditions can be removed using the × button on the tag.
⚠️ Priority changes are not possible when search filters are applied. To change the priority, please clear all search filters.
Get Policy
You can import a backup of the conditional policy from a JSON file (single policy) or a ZIP file (multiple policies) to register it.
- Download: Check the item checkbox > Click the [Download Policy] button in the top button bar
- When selecting 1: Download JSON file
- When selecting 2 or more: Download as a ZIP file.
- importClick the [Import Policy] button to select and register the backed-up JSON file or ZIP file.
Add Policy
Clicking **[Add Policy]** will take you to the new conditional policy page, where you can set the policy basic information / conditions / enforcement policy / and settings items.
Basic Policy Information
Policy Name
- Name (required): Up to 20 characters allowed
- Description (optional): Up to 200 characters can be entered.
Members
Set users or groups to include or exclude in this conditional policy.
- Allocation: Select all users or specific users/groups
- Exclusion: Specify users or groups to be excluded from the policy. Excluded members will not be subject to the policy regardless of assignment. The 'All Users' option cannot be used in the exclusion list.
Target Server
Select which server to apply this conditional policy to. You can choose from SSH / VNC / Telnet / RDP / Web type servers. When selecting a server, the name, IP (or URL), Port, and type information will be displayed.
Selection Limitations by Server Type
VNC, Telnet, and RDP servers cannot be selected in conjunction with the SSH server.
- When selecting VNC, Telnet, or RDP type servers: The option to select SSH type servers will be disabled.
- When selecting an SSH type server: VNC, Telnet, and RDP type server selections will be disabled.
This is because VNC, Telnet, and RDP servers do not support file upload/download functionality.
If the VNC, Telnet, and RDP servers are included, the file upload and file download options will not be displayed in the isolation security policy.
When selecting a web type server
The isolation security policy of the conditional policy that includes a web type server is provided in the same way as the entire isolation security policy item of the URL input field conditional policy. Keyboard input, site navigation, file upload/download, clipboard, session persistence, screen marking, print watermark, video conferencing mode, and context menu items are all displayed.
Condition
Set conditions for access environments such as location and time to be used in policy decisions.
Location Conditions
- All Locations(default): Apply policy at all locations without specific location conditions
- Select Registered Location: Select from the locations registered in the Security365 Management Center's condition items.
- [+Register Location]: Click to add a new location condition
- Exception Selection: Use to exclude a specific location among the selected locations.
Time Condition
- All Time(default): Always apply policy without specific time limits
- Registered Time Selection: Select from the registered time in the conditions section of the Security365 Management Center.
- [+Register Time]: Click to add a new time condition
- Exception Selection: Use to exclude a specific time zone from the selected time.
The location and time conditions can be registered/deleted/edited in the [Condition Items] menu of the Security365 Management Center.
Execution Policy
Access Policy
- Access Denied: Completely block server access under the given conditions
- Access Permission: Allows server access and enables the configuration of additional authentication methods.
Additional authentication methods(Only configurable when access is allowed)
- Not in use: Accessing the target without additional authentication
- Email Verification: The authentication code input window appears, and the authentication process begins (time limit: 5 minutes)
- OTP Authentication: Guidance on QR code and recovery key during initial registration, proceed with authentication by entering the authentication code after registration.
Isolation Security Policy
Set policies to control user behavior on the server. The items provided vary depending on the type of the target server.
| Item | Web | SSH | VNC / Telnet / RDP |
|---|---|---|---|
| Keyboard Input | ✅ | ✅ | ✅ |
| Site Navigation | ✅ | ❌ | ❌ |
| File Upload | ✅ | ✅ | ❌ |
| File Download | ✅ | ✅ | ❌ |
| Clipboard Access | ✅ | ✅ | ✅ |
| Session Persistence | ✅ | ✅ | ✅ |
| Screen Marking | ✅ | ✅ | ✅ |
| Print Watermark | ✅ | ❌ | ❌ |
| Video Conference Mode | ✅ | ❌ | ❌ |
| Context Menu | ✅ | ❌ | ❌ |
Detailed Behavior Control Items
Keyboard InputWhen blocked, a message saying "Input is prohibited by policy." will be displayed at the bottom center.
Site Navigation(Web type only): Access to domains other than the blocked one is not possible. When accessing a blocked site, you will be redirected to a page that says "This action is prohibited by policy."
File Upload(Web, only for SSH type): When allowed, file extension restrictions and storage (My PC file folder / SHIELDGate file folder) settings can be configured.
File Download(Web, applicable only to SSH type): When blocked, it redirects to the "This action is prohibited by policy." guidance page. When allowed, file extension restrictions and storage settings can be configured.
- My PC File Folder: Downloading files to the user's local PC
- SHIELDGate File Box: Saving files to SHIELDrive storage (storage can be specified)
- SHIELDViewer: Download after preview. Sub-options: PDF download / Original download / CDR download
Clipboard AccessControls copy/paste direction between the isolated browser and the user PC. When blocked, a message "Clipboard usage is prohibited by policy." will be displayed at the bottom center.
Session Persistence: When activated, idle time settings can be configured. After the idle time elapses, a first notification will be displayed, and the screen will be locked. You can return to the work page using the 'Refresh' button.
Screen MarkingWhen activated, it displays a watermark containing the username and email information on the screen. It is used to prevent data leakage and enhance accountability tracking.
Print Watermark(Web type only): When activated, it displays a watermark containing the username and email information on printed output.
Video Conference Mode(Web type only): Activate when using the web management console that requires video conferencing. When activated, the SHIELDGate shortcut feature is not provided.
Context Menu(Web type only): Controls the menu items displayed on right-click of the mouse individually ON/OFF by target area.
⚠️ When using the SHIELDGate file cabinet (SHIELDrive storage), the corresponding member must be assigned to the SHIELDrive storage.
Policy Configuration
- use: Policy is activated and works immediately
- Not in use: The policy is disabled and does not operate.
- Expiration Date: When checked, the calendar is activated to select the start date and end date to set the duration. If not set, it will operate indefinitely.
Policy Application Priority
When multiple policies conflict, the policy with a higher priority (a smaller number) will be applied. You can adjust the priority by dragging and dropping in the policy list.
Priority Quick Move
- Move to top / Move to bottom: Move immediately to the top or bottom
- Priority Move Dropdown: Select the desired number to move directly to a specific location
⚠️ Priority changes are not possible when search filters are applied. Please clear all filters before proceeding.
Download Policy Status
You can download the list of conditional policies as an Excel (.xlsx) file. This is provided separately from the existing JSON backup feature.
- Download All: Save all registered policy information as an Excel file
- Download Search Results: Save only the results with the current search filter applied as an Excel file
💡 JSON download is for policy backup and restoration, while Excel download is used for status analysis and reporting purposes.