1.2.1. Policy

A policy is a hierarchical set of rules that operates much like a firewall rule set. To make it easier to design, declare the more specific rules at the top and descend to the more general rules. Each openNAC rule is composed as follows:

Default Portal: [Figure: policies_add_new.png]

NextGen Portal: [Figure: create_new_policy.png]


Before creating a new policy, we have to understand the main sections involved in the policy evaluation process.

The General section contains the policy name and an optional comment describing the policy, and lets the user enable or disable the policy.

The Preconditions section lets you add conditions that apply before authentication happens: the time of the connection, the users, the user and network devices involved, and the type of authentication (Sources). All the available options are detailed right after.

The Postconditions section lets you add conditions that apply after authentication happens: VLAN assignment, Security Profiles or ACLs at the ingress port, plugins and their parameters, notifications, etc.

The Other section lets you activate device autolearning (user devices that match this policy are automatically added to the ON CMDB). If autolearning is activated, you can set a tag that will be added to the user device. This section also lets you define a customized message to be used in the openNAC Agent and in the different captive portal workflows.
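The ordering advice above (specific rules first, general rules last), as an added example that is not openNAC code: a simplified Python model that assumes first-match evaluation, as in a firewall, and flags rules that can never fire because a more general rule sits above them. The `Policy` fields, rule names, VLAN numbers and source labels are constructed for illustration and do not reflect openNAC's schema.

```python
# Simplified model, not openNAC's schema: field names and first-match
# evaluation are assumptions drawn from the firewall analogy.
from dataclasses import dataclass, field


@dataclass
class Policy:
    name: str
    enabled: bool = True
    pre: dict = field(default_factory=dict)   # preconditions; absent key = any
    post: dict = field(default_factory=dict)  # postconditions, e.g. VLAN

    def matches(self, conn: dict) -> bool:
        """True if the connection satisfies every precondition."""
        return all(conn.get(k) == v for k, v in self.pre.items())

    def covers(self, other: "Policy") -> bool:
        """True if every connection matching `other` also matches self."""
        return all(other.pre.get(k) == v for k, v in self.pre.items())


def evaluate(policies, conn):
    """Return the first enabled policy, top to bottom, that matches."""
    return next((p for p in policies if p.enabled and p.matches(conn)), None)


def shadowed(policies):
    """Return (hidden_rule, hiding_rule) name pairs for unreachable rules."""
    active = [p for p in policies if p.enabled]
    out = []
    for i, low in enumerate(active):
        high = next((h for h in active[:i] if h.covers(low)), None)
        if high is not None:
            out.append((low.name, high.name))
    return out


# Constructed rule sets: the same three policies in two different orders.
CONTRACTOR = Policy("contractors-8021x",
                    pre={"group": "contractors", "source": "802.1x"},
                    post={"vlan": 30})
STAFF = Policy("any-8021x", pre={"source": "802.1x"}, post={"vlan": 10})
CATCH_ALL = Policy("default-quarantine", post={"vlan": 999})
GOOD_ORDER = [CONTRACTOR, STAFF, CATCH_ALL]   # specific -> general
BAD_ORDER = [STAFF, CONTRACTOR, CATCH_ALL]    # general rule placed too high
```

With `BAD_ORDER`, a contractor connection lands in the VLAN of the general rule instead of the restricted one, and `shadowed()` reports the contractor rule as unreachable.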

You can find the Policies configuration window in the Default Administration Portal under ON NAC > Policies.

In the NextGen Administration Portal, this window is located under Configure > NAC > Policies.

If you have any doubts regarding which portal documentation you should refer to, read the Administration Portal section. There you can find the details about both portals and the use cases they support.