cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
277
Views
1
Helpful
3
Replies

Umbrella - Configuring an on-prem policy and off-prem policy /w VA

guacamoley
Level 1
Level 1

Hi all, 

   A design question from a policy point of view - I currently have a policy for employees which includes their AD groups. Currently we have a VA onpremise and are utilizing Roaming Client for their devices. I want to have a policy for on-prem and for off-prem with these mobile devices. I understand that I can configure "Backoff Behind Virtual Appliance" for when the device is on premise but my question is this: If I am using VA, how will I be able to configure a policy for on-prem vs off-prem? Since the policy is tied to AD groups and both on-prem and off-prem will be acquiring AD information, I can never specify two policies right since it will always just hit the top prio policy right? 

2 Accepted Solutions

Accepted Solutions

guacamoley
Level 1
Level 1

I think I figured this out. I can associate the on site users with the "Internal Networks" identity and make it higher priority. This will allow for the on premise filtering. 

 

edit: Nevermind this won't work because then everyone at that site will get the employee policy! 

View solution in original post

Deploy a policy for Roaming Clients and a backoff policy for devices hitting the VAs. Set the backoff policy above the roaming policy.

When they are in the office they will backoff and hit the VA policy, when roaming they'll fall through to the roaming device policy.

View solution in original post

3 Replies 3

guacamoley
Level 1
Level 1

I think I figured this out. I can associate the on site users with the "Internal Networks" identity and make it higher priority. This will allow for the on premise filtering. 

 

edit: Nevermind this won't work because then everyone at that site will get the employee policy! 

Deploy a policy for Roaming Clients and a backoff policy for devices hitting the VAs. Set the backoff policy above the roaming policy.

When they are in the office they will backoff and hit the VA policy, when roaming they'll fall through to the roaming device policy.

Thanks Ken, but isn't Back off settings not really per-policy but instead a global setting for all roaming clients?