Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
791
Views
1
Helpful
3
Replies

Umbrella - Configuring an on-prem policy and off-prem policy /w VA

Go to solution
guacamoley
Level 1
Level 1

‎06-05-2024 07:54 AM - edited ‎06-05-2024 07:58 AM

Hi all, 

   A design question from a policy point of view - I currently have a policy for employees which includes their AD groups. Currently we have a VA onpremise and are utilizing Roaming Client for their devices. I want to have a policy for on-prem and for off-prem with these mobile devices. I understand that I can configure "Backoff Behind Virtual Appliance" for when the device is on premise but my question is this: If I am using VA, how will I be able to configure a policy for on-prem vs off-prem? Since the policy is tied to AD groups and both on-prem and off-prem will be acquiring AD information, I can never specify two policies right since it will always just hit the top prio policy right? 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
guacamoley
Level 1
Level 1

‎06-05-2024 08:09 AM - edited ‎06-05-2024 08:29 AM

I think I figured this out. I can associate the on site users with the "Internal Networks" identity and make it higher priority. This will allow for the on premise filtering. 

 

edit: Nevermind this won't work because then everyone at that site will get the employee policy! 

View solution in original post

0 Helpful

Go to solution
Ken Stieers
VIP
VIP

‎06-05-2024 08:11 AM

Deploy a policy for Roaming Clients and a backoff policy for devices hitting the VAs. Set the backoff policy above the roaming policy.

When they are in the office they will backoff and hit the VA policy, when roaming they'll fall through to the roaming device policy.

View solution in original post

3 Replies 3

Go to solution
guacamoley
Level 1
Level 1

‎06-05-2024 08:09 AM - edited ‎06-05-2024 08:29 AM

I think I figured this out. I can associate the on site users with the "Internal Networks" identity and make it higher priority. This will allow for the on premise filtering. 

 

edit: Nevermind this won't work because then everyone at that site will get the employee policy! 

0 Helpful

Go to solution
Ken Stieers
VIP
VIP

‎06-05-2024 08:11 AM

Deploy a policy for Roaming Clients and a backoff policy for devices hitting the VAs. Set the backoff policy above the roaming policy.

When they are in the office they will backoff and hit the VA policy, when roaming they'll fall through to the roaming device policy.

Go to solution
guacamoley
Level 1
Level 1
In response to Ken Stieers

‎06-05-2024 08:14 AM - edited ‎06-05-2024 08:25 AM

Thanks Ken, but isn't Back off settings not really per-policy but instead a global setting for all roaming clients? 

0 Helpful
Customers Also Viewed These Support Documents