
Remote Console Conditional Policy

Basic Screen Layout

The conditional policy screen is structured as follows:

  1. Conditional Policy Tab: Tab for applying conditional policies to registered servers
  2. Priority: Displays the policy priority (the smaller the number, the higher the priority)
  3. Add Policy: Create a new policy with the **[Add Policy]** button at the top left
  4. Search: Searchable by various criteria such as policy name, members, target server, usage status, etc.

You can search for policies based on various criteria, including policy name, members, target servers, conditions, enforcement policies, and usage status.

Types of search filters

| Filter | Search Method | Description |
|---|---|---|
| Policy Name | Contains search | Search for policy names containing keywords |
| Members | Contains search + dropdown selection | Search by user (name, email), group, or department; select Assignment or Exception; multiple selections allowed |
| Target | Dropdown selection | Search by registered server name or IP information; multiple selections allowed |
| Usage status | Dropdown selection | Select Use / Not Use |
| Condition | Contains search + dropdown selection | Search by location (IP), time, and device conditions; multiple selections allowed |
| Execution Policy | Dropdown selection | Access Allow/Deny, Isolation Security Policy (Allow All/Restricted Use), additional authentication methods; multiple selections allowed |

Member Search Details

  • When you enter a name or email in the search box, results will be displayed in real-time in a dropdown.
  • Allocation / Exception: Select a tab to search separately for members assigned to a policy and members handled as exceptions.
  • 'All members' is fixed at the bottom of the dropdown and is included in the search results only when selected directly.
  • Location: You can search by 'No location restriction' or by entering a registered location name. Results are displayed in the format 'Location name | IP range'.
  • Time: You can search by 'No time restriction' or by entering a registered time name. Results are displayed in the format 'Time name | Time range'.
  • Device: Select from All devices, Desktop, Tablet, Mobile.

Execution Policy Search Details

  • Access Policy: Select Allow Access / Block Access
  • Isolation Security Policy: Allow all / Select restricted use
  • Additional authentication methods: Not in use / Email verification / OTP verification selection (applies only to access permission policy)

Search Condition Combination Rules

  • **Between filters (AND condition)**: If you set multiple different filters, only the policies that satisfy all conditions simultaneously will be displayed.
  • **Within filter (OR condition)**: If you select multiple items within the same filter, any policy that matches at least one will be displayed.
  • Each set condition is displayed as a tag, and you can remove individual conditions with the tag's × button.

⚠️ Priority changes are not possible when a search filter is applied. To change the priority, please clear all search filters.


Get Policy

  • You can import a backup of the conditional policy from a JSON file (single policy) or a ZIP file (multiple policies) for registration.

[How to Use]

  1. Download: Check the item checkbox > Click the [Policy Download] button in the top button bar.
    • When 1 item is selected: Download as a JSON file.
    • When 2 or more items are selected: Download as a ZIP file.
  2. Import: Click the [Import Policy] button to select and register the backed-up JSON file or ZIP file.

Add Policy

Clicking **[Add Policy]** takes you to the new conditional policy page, where you can set the following items:

  • Policy Basic Information
  • Condition
  • Execution Policy
  • Settings

Policy Basic Information

Policy Name

  • Name (Required): Up to 20 characters can be entered.
  • Description (Optional): Up to 200 characters can be entered.
  • The conditional policy name is a required field, and you must enter a unique name to identify the policy.

Members

Set users or groups to be assigned or excluded from this conditional policy as members.

Allocation

  • All users: Apply policy to all users
  • Select user or group: Search for and select a specific user or group.
    • Search by entering a username or group name in the search box.
    • The selected user or group can be confirmed in the box below.

Exclude

  • Specify users or groups to exclude from the policy.
  • Excluded members are not subject to the policy regardless of assignment status.
  • The 'All Users' option cannot be used in the exclusion list.
  • You can check the list of excluded members in the box below after selecting the members to exclude.

Target server

Select which server to apply this conditional policy to.

Select Registered Server

  • Select the registered server from the server list.
  • When selecting a server, the name, IP, Port, and type information will be displayed.

Selection Restrictions by Server Type

  • VNC and Telnet servers cannot be selected in conjunction with the SSH server.
    • When selecting a VNC or Telnet type server: The option to select an SSH type server will be disabled.
    • When selecting an SSH type server: VNC and Telnet type server selections will be disabled.
  • This is because VNC and Telnet servers do not support file upload/download functionality.

Guidelines for Selecting VNC and Telnet Servers

File upload/download functionality is not available for VNC and Telnet servers.


Condition

Set conditions such as location and time to be used for policy judgment. Based on the assigned conditions, determine the user's access environment and decide whether to apply the policy.

Location conditions

You can choose from the following two items for the location (IP) condition:

  • All locations (Default): Apply the policy at all locations without specific location conditions.
    • Exception selection: To exclude only specific locations among all locations, specify the locations to be excluded through 'exception selection'.
  • Select registered location: Select from the locations registered in the conditions section of the Security365 management center.
    • Click 'Select a location' to view the list of registered locations.
    • [+Location Registration]: Click to add a new location condition.
    • Exception selection: Use 'exception selection' to exclude specific locations from the selected locations.

Time conditions

You can choose between the following two time conditions:

  • All time (Default): Always apply the policy without any specific time limit.
    • Exception selection: To exclude only specific time ranges among all times, specify the time to be excluded through 'exception selection'.
  • Select registered time: Select from the registered times in the conditions section of the Security365 management center.
    • Click 'Select Time' to check the list of registered times.
    • [+Time Registration]: Click to add a new time condition.
    • Exception selection: Use 'exception selection' to exclude specific time ranges from the selected time.

Condition Management Notes

  • The location and time conditions can be registered, deleted, or edited in the [Condition Items] menu of the Security365 Management Center.
  • Use exception selection to configure in detail when complex conditions are required.

Execution Policy

Access Policy

Sets whether access is permitted when a member subject to this conditional policy attempts to connect.

Access Permission Status

  • Access Denied: Completely block server access under the given conditions.
  • Access Granted: Allows server access and enables the configuration of additional authentication methods.

Additional authentication methods (Only configurable when access is allowed)

  • Not in use: Access the target without additional authentication.
  • Email verification:
    • The authentication code input field appears, and the authentication process begins.
    • Time limit: 5 minutes
    • If you did not receive the verification code in time, click 'Resend Verification Code'.
  • OTP authentication:
    • A QR code and recovery key instructions are shown during initial registration.
    • Enter the authentication code after registration to proceed with verification.

When authentication fails

  • An alert popup displays "Authentication has failed."
  • The specified target cannot be accessed.

Isolation Security Policy

Set policies to control user behavior on the server. Each behavior control item can select whether to allow or block.

Limitations when selecting VNC and Telnet servers

If the target server includes a VNC or Telnet type server, the File Upload and File Download options are not displayed in the isolation security policy.
VNC and Telnet type servers do not support file transfer functionality.

Behavior Control Item

Keyboard input

  • Allow/Deny Settings
  • When blocked: A message saying "Input via keyboard is prohibited by policy." is displayed at the bottom center.

File Upload (Only applicable to SSH server)

  • Allow/Deny Settings
  • Additional settings when allowed:
    • File extension restriction: Select allowed file extensions (e.g., jpg, png, pdf, etc.)
    • Select Repository:
      • My PC file folder
      • SHIELDGate file folder

File Download (Only applicable to SSH server)

  • Allow/Deny Settings
  • When blocked: The user is taken to an information page stating "This action is prohibited by policy. Downloading is not allowed according to the policy." The close button returns to the previous screen.
  • Additional settings when allowed:
    • File extension restriction: Select allowed file extensions
    • Select Repository:
      • My PC file folder: Download files to the user's local PC
      • SHIELDGate file folder: Save files to SHIELDrive storage (storage can be specified)
      • SHIELDViewer: A feature to preview and view files using SHIELDViewer when downloading files.
        • Provide sub-options:
          • Download PDF: Allow/Block downloading of the original converted to PDF (Default: Allow)
          • Download Original: Allow/Block original document download (Default: Block)
          • CDR Download: Allow/Block download after neutralization processing through CDR (Default: Block)
        • Operation method: A preview of SHIELDViewer opens in a new tab, displaying only the corresponding download button based on the set options.

Precautions when using the SHIELDGate file cabinet (SHIELDrive storage)

  • SHIELDrive storage must be assigned to the member for this option to be available.
  • File download is unavailable if there is no storage allocation.
  • Storage allocation can be set in the 'Storage Management' menu under the File menu in the admin page.

Clipboard Access

  • Control of copy/paste between the isolation browser and the user PC
  • Individual settings available by direction:
    • Whether to allow clipboard access from the isolated browser to the user's PC.
    • Whether to allow clipboard access from the user's PC to the isolated browser.
  • When blocked: A message stating "Clipboard usage is prohibited by policy." will be displayed at the bottom center.

Session Maintenance

  • Activating session persistence protects the data on the screen through the lock screen when there is no screen activity during the idle time.
  • Idle time setting available when activated (in minutes)
  • After idle time has elapsed:
    • First notification: Screen lock warning
    • Second notification: Screen lock
    • You can return to the work page through the 'Refresh' button.

Screen marking

  • Activation/deactivation settings available
  • When activated: Display a watermark on the screen containing username, email information, etc.
  • Strengthens data leak prevention and accountability tracing

Policy Configuration

You can set the usage and validity period of this conditional policy.

Usage status

  • Use: The policy is activated and will take effect immediately.
  • Not in use: The policy is disabled and not functioning.

Expiration Date

  • When not set: Operate indefinitely
  • Expiration date usage:
    • Checking the 'Expiration Date' item activates the calendar.
    • Select start and end dates to set the period.
    • The policy operates only during the specified period.

Policy Application Priority

  • If multiple policies conflict, the policy with a higher priority (a smaller number) will be applied.
  • You can adjust the priority by dragging and dropping in the policy list.
  • If multiple policies are set for the same conditions, the most restrictive policy takes precedence.
  • Policy priorities must be set carefully as they are important for the effective management of policies.
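
A minimal model of how the settings above combine, added here as an illustration and not the product's own code: a policy applies only if it is in use, inside its validity period, the user is assigned and not excluded, and the source IP is in a selected location and not in an excepted one; among applicable policies the smallest priority number wins. The field names, the `*` marker for All users, the sample policies and the `None` result when nothing matches are assumptions; time conditions and the most-restrictive rule are not modeled.

```python
from dataclasses import dataclass, field
from datetime import date
from ipaddress import ip_address, ip_network

@dataclass
class Policy:
    # Hypothetical field names mirroring the settings described on this page.
    name: str
    priority: int                  # smaller number = higher priority
    allow: bool                    # Access Granted (True) / Access Denied (False)
    members: set                   # assigned users; "*" stands for All users
    excluded: set = field(default_factory=set)
    servers: set = field(default_factory=set)
    locations: list = field(default_factory=lambda: ["0.0.0.0/0"])  # All locations
    location_exceptions: list = field(default_factory=list)
    enabled: bool = True           # Usage status: Use / Not in use
    valid: tuple = None            # (start, end) dates, or None for no expiration

def in_any(ip, cidrs):
    return any(ip_address(ip) in ip_network(c) for c in cidrs)

def matches(p, user, server, ip, today):
    if not p.enabled:
        return False
    if p.valid and not (p.valid[0] <= today <= p.valid[1]):
        return False
    if user in p.excluded:         # exclusion wins regardless of assignment
        return False
    if "*" not in p.members and user not in p.members:
        return False
    if server not in p.servers:
        return False
    return in_any(ip, p.locations) and not in_any(ip, p.location_exceptions)

def decide(policies, user, server, ip, today):
    """Return (policy name, allow) of the highest-priority match, else None."""
    hits = [p for p in policies if matches(p, user, server, ip, today)]
    top = min(hits, key=lambda p: p.priority, default=None)
    return (top.name, top.allow) if top else None

# Constructed sample policies (not exported from the product).
POLICIES = [
    Policy("deny-offsite", 1, False, {"*"}, excluded={"admin@example.com"},
           servers={"ssh-prod"}, location_exceptions=["10.0.0.0/8"]),
    Policy("allow-ops", 2, True, {"ops@example.com", "admin@example.com"},
           servers={"ssh-prod"}),
    Policy("allow-temp", 3, True, {"vendor@example.com"}, servers={"ssh-prod"},
           valid=(date(2025, 1, 1), date(2025, 1, 31))),
]
```

Running `decide` over a table of expected user, server and IP combinations before reordering policies shows which rule a change in priority would start or stop shadowing.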

Priority Quick Move

After selecting a policy, you can quickly change the priority using the following method.

  • Move to the top / Move to the bottom: Move immediately to the top or bottom
  • Priority Move Dropdown: Select the desired number to move directly to a specific location.

⚠️ Priority changes are not possible when a search filter is applied. Please proceed after clearing all filters.


Download Policy Status

You can download the list of conditional policies as an Excel (.xlsx) file. This is provided separately from the existing JSON backup feature.

  • Full Download: Save all registered policy information as an Excel file.
  • Download Search Results: Save only the results with the current search filter applied to an Excel file.

💡 JSON download is for policy backup and restoration, while Excel download is used for status analysis and reporting purposes.