topic Re: Policy Set function on authentication and authorization. in Network Security

Policy Set function on authentication and authorization.

Leftz — Mon, 13 Sep 2021 20:23:11 GMT

We know Policy set is a container containing authentication and authorization rules etc. each authentication and authorization policy also has Conditions option for us to fill out, but Policy Set also has Condition option that we use to define. How does this Policy set Condition work? Do you think Policy set condition is necessary?

Re: Policy Set function on authentication and authorization.

Rob Ingram — Mon, 13 Sep 2021 20:57:19 GMT

@Leftz I generally use policy set conditions to distinguish between different connection scenarios, such as 802.1x Open Mode or 802.1x Closed More or Remote Access VPN etc. In a large complex environment, without having multiple Policy Sets you could have a overly complex Policy Set. By using multiple Policy Sets if the connection does not match the condition configured under the Policy Set, it will completely skip that Policy Set until it matches another, at which point it will process the associated authentication and authorisation rules. Depending on the size of your environment, using multiple Policy Sets will speed up the authentication/authorisation process.

Re: Policy Set function on authentication and authorization.

Leftz — Tue, 14 Sep 2021 14:08:29 GMT

Thank you Rob! Can I say in some situation, the condition in Policy set is not required?

Re: Policy Set function on authentication and authorization.

Rob Ingram — Tue, 14 Sep 2021 14:18:38 GMT

@Leftz you don't need a condition on the default policy set. If you have more than one policy set you will need a unique condition to differentiate between the 2 policy sets.

Re: Policy Set function on authentication and authorization.

Leftz — Wed, 15 Sep 2021 19:08:53 GMT

Understood. Thank you Rob!