Skip to main content

Conditional Policy for Remote Console

Basic Screen Layout

The conditional policy screen is composed as follows:

  1. Conditional Policy Tab: A tab where conditional policies can be applied to registered servers
  2. Priority: Display policy priorities (the smaller the number, the higher the priority)
  3. Add Policy: Top left**[Add Policy]**Create a new policy with a button
  4. Search: Policy name, members, target server, usage status, and other various conditions can be searched.

You can search for policies based on various criteria, including policy name, members, target servers, conditions, enforcement policies, and usage.

Types of Search Filters

FilterSearch MethodDescription
Policy NameInclusive SearchSearch for policy names containing keywords
MembersInclusive Search + Dropdown SelectionUser (Name·Email), Group, Department Search, Assignment/Exception Classification Selection, Multiple Selection Available
TargetDropdown SelectionSearch by registered server name or IP information, multiple selections allowed
UsageDropdown SelectionUse / Unused Selection
conditionInclusive Search + Dropdown SelectionSearch by location (IP), time, and device conditions, multiple selections allowed
Execution PolicyDropdown SelectionAccess Allow/Deny, Isolation Security Policy (Allow All/Restricted Use), Select Additional Authentication Methods, Multiple Selections Possible

Member Search Details

  • When you enter a name or email in the search box, results will be displayed in real-time in a dropdown.
  • Allocation / ExceptionYou can search by distinguishing between cases where a tab is selected and cases where exceptions are handled.
  • 모든 구성원is fixed at the bottom of the dropdown and is included in the search results only when selected directly.
  • Location: 위치 제한 없음or enter a registered location name to search. The results are위치명 | IP 범위It will be displayed in the format.
  • time: 시간 제한 없음You can search by entering the registered time name. The results are시간명 | 시간 범위It will be displayed in the format.
  • Device: 모든 디바이스, Desktop, Tablet, MobileSelect medium.

Execution Policy Search Details

  • Access Policy: Select Allow Access / Block Access
  • Isolation Security Policy: Allow all / Select limited use
  • Additional authentication methods: Not used / Email verification / OTP verification selection (applies only to access control policies)

Search Condition Combination Rules

  • **Between filters (AND condition)**If you set multiple different filters, only the policies that satisfy all conditions simultaneously will be displayed.
  • **Within Filter (OR Condition)**If you select multiple items within the same filter, any matching policies will be displayed.
  • Each condition set is displayed in the form of tags, and the tags'×You can remove individual conditions with the button.

⚠️ Priority changes are not possible when search filters are applied. To change the priority, please clear all search filters.

Fetch Policy

  • You can import and register a backup of a conditional policy from a JSON file (single policy) or a ZIP file (multiple policies).

[How to Use]

  1. Download: Check the item checkbox > Click the [Download Policy] button on the top button bar.
    • Download JSON file when 1 is selected
    • When selecting 2 or more: Download as a ZIP file.
  2. Import: Click the [Import Policy] button to select and register the backed-up JSON file or ZIP file.

Add Policy

**[Add Policy]**Clicking will take you to the new conditional policy page, where you can set the following items:

  • Basic Policy Information
  • condition
  • Execution Policy
  • Settings

Basic Policy Information

Policy Name

  • name(required): Up to 20 characters can be entered
  • Description(Optional): Up to 200 characters can be entered.
  • The conditional policy name is a required field, and you must enter a unique name to identify the policy.

Members

Set users or groups to include or exclude in this conditional policy.

Allocation

  • All Users: Apply policies to all users
  • Select User or Group: Search for and select a specific user or group
    • Search by entering a username or group name in the search box.
    • The selected user or group can be confirmed in the box below.

Exclusion

  • Specify users or groups to exclude from the policy
  • Excluded members are not subject to the policy regardless of allocation.
  • The 'All Users' option cannot be used in the exclusions.
  • You can check the list of excluded members in the box below by selecting the members to exclude.

Target Server

Select which server to apply this conditional policy to.

Select Registered Server

  • Select the registered server from the server list.
  • When selecting a server, the name, IP, port, and type information are displayed.

Selection Restrictions by Server Type

  • VNC and Telnet servers cannot be selected in conjunction with the SSH server.
    • When selecting VNC or Telnet type servers: The option to select SSH type servers is disabled.
    • When selecting SSH type server: VNC and Telnet type server selections will be disabled.
  • This is because VNC and Telnet servers do not support file upload/download functionality.

Guidelines for Choosing VNC and Telnet Servers

For VNC and Telnet servers, the file upload/download feature is not available.

condition

Set conditions such as location and time to be used for policy judgment. Based on the assigned conditions, determine the user's access environment and decide whether to apply the policy.

Location Conditions

You can choose from the following two items for the location (IP) condition:

  • All Locations(default): Apply policy at all locations without specific location conditions
    • Exception selection: To exclude only specific locations among all locations, specify the locations to be excluded through 'exception selection'.
  • Select Registered Location: Select from the locations registered in the Security365 Management Center's condition items.
    • Click 'Select a location' to view the list of registered locations.
    • [+Register Location]: Click to add a new location condition
    • Exception Selection: Use 'Exception Selection' to exclude specific locations from the selected locations.

Time Conditions

You can choose from the following two time conditions:

  • all time(default): Always apply policy without any specific time limit
    • Exception Selection: To exclude only specific time zones from all times, specify the time to be excluded through 'Exception Selection'.
  • Registered Time Selection: Select from the registered time in the conditions section of the Security365 Management Center.
    • Click 'Select a Time' to check the list of registered times.
    • [+Register Time]: Click to add a new time condition
    • Exception Selection: Use 'Exception Selection' to exclude specific time zones from the selected time.

Condition Management Notes

  • Location and time conditions can be registered/deleted/edited in the [Condition Items] menu of the Security365 Management Center.
  • Use exception selection to finely configure when complex conditions are required.

Execution Policy

Access Policy

This sets the access permissions when a member of the target to which this conditional policy applies wants to connect.

Access Permission Status

  • Access Denied: Completely block server access under the given conditions
  • Access Permission: Allows server access and enables the configuration of additional authentication methods.

Additional authentication methods(Only configurable when access is allowed)

  • Not in use: Accessing the target without additional authentication
  • Email Verification:
    • The authentication code input window appears, and the authentication process begins.
    • Time limit: 5 minutes
    • If you did not receive the authentication code in time, click 'Resend Authentication Code'
  • OTP Authentication:
    • Guidance on QR Code and Recovery Key During Initial Registration
    • Enter the authentication code after registration to proceed with authentication.

When authentication fails

  • "Authentication has failed." Display alert popup
  • Unable to access the target

Isolation Security Policy

Set policies to control user actions on the server. Each action control item can choose whether to allow or block.

Limitations When Choosing VNC and Telnet Servers

If the target server includes a VNC or Telnet type server, in the isolation security policyFile UploadWowFile DownloadThe options are not displayed.
VNC and Telnet type servers do not support file transfer functionality.

Behavior Control Items

Keyboard Input

  • Allow/Deny Settings
  • When blocked: A message "Input via keyboard is prohibited by policy." is displayed at the bottom center.

File Upload(Only for SSH server)

  • Allow/Deny Settings
  • Additional settings when allowed:
    • File Extension Restrictions: Select allowed file extensions (e.g., jpg, png, pdf, etc.)
    • Repository Selection:
      • My PC File Folder
      • SHIELDGate File Box

File Download(Only for SSH server)

  • Allow/Deny Settings
  • When blocked: "This action is prohibited by policy. Downloading is prohibited by policy." Go to the guidance page, return to the previous screen with the close button.
  • Additional settings when allowed:
    • File Extension Restrictions: Select allowed file extensions
    • Repository Selection:
      • My PC File Folder: Downloading files to the user's local PC
      • SHIELDGate File Box: Saving files to SHIELDrive storage (storage can be specified)
      • SHIELDViewer: A feature to preview files using SHIELDViewer when downloading files.
        • Providing Sub-options:
          • PDF Download: Allow/Block download of the original as a PDF (Default: Allow)
          • Download Original: Allow/Block Download of Original Document (Default: Block)
          • Download CDR: Allow/Block download after decontamination processing through CDR (Default: Block)
        • How It Works: A preview of SHIELDViewer opens in a new tab, displaying only the corresponding download button based on the set options.

Precautions for Using SHIELDGate File Storage (SHIELDrive Storage)

  • The member must be assigned to SHIELDrive storage to be available.
  • File download not possible if there is no storage allocation
  • Storage allocation is done by clicking on the Files menu in the admin page.스토리지 관리It can be set in the menu.

Clipboard Access

  • Control of Copy/Paste Between Isolated Browser and User PC
  • Individual settings available by direction:
    • Whether to allow clipboard access from the isolated browser to the user's PC
    • Allowing Clipboard Access in Isolated Browser on PC
  • When blocked: "Clipboard usage is prohibited by policy." notification is displayed at the bottom center.

Session Persistence

  • Activating session persistence protects the data on the screen through the lock screen when there is no screen activity during idle time.
  • Idle time setting available when activated (in minutes)
  • When idle time elapses:
    • 1st Notice: Screen Lock Announcement
    • Secondary Notification: Screen Lock
    • You can return to the work page through the 'Refresh' button.

Screen Marking

  • Enable/Disable Settings
  • When activated: Display a watermark on the screen containing username, email information, etc.
  • Data Leakage Prevention and Enhanced Accountability Tracking

Policy Settings

You can set the usage and validity period of this conditional policy.

Usage Status

  • use: The policy is activated and takes effect immediately
  • Not in use: The policy is disabled and not functioning.

Expiration Date

  • When not set: Operate indefinitely
  • Expiration Date Usage:
    • Checking the 'Expiration Date' item activates the calendar.
    • Set the period by selecting the start date and end date.
    • Policy operates only during the set period.

Policy Application Priority

  • When multiple policies conflict, the policy with the higher priority (the smaller number) will be applied.
  • You can adjust the priority by dragging and dropping in the policy list.
  • If multiple policies are set under the same conditions, the most restrictive policy takes precedence.
  • Policy priorities must be set carefully as they are important for the effective management of policies.

Priority Quick Navigation

After selecting a policy, you can quickly change the priority using the following method.

  • Move to top / Move to bottom: Move immediately to the top or bottom
  • Priority Move Dropdown: Select the desired number to move directly to a specific location.

⚠️ Priority changes are not possible when search filters are applied. Please clear all filters before proceeding.

Download Policy Status

You can download the list of conditional policies as an Excel (.xlsx) file. This is provided separately from the existing JSON backup feature.

  • Download All: Save all registered policy information as an Excel file
  • Download Search Results: Save only the results with the current search filter applied as an Excel file.

💡 JSON download is for policy backup and restoration, while Excel download is used for status analysis and reporting purposes.