
What’s New in PAN-OS 6.0
© 2014 Palo Alto Networks (PAN-OS 6.0) Page 5
Agent Update Control—The client configurations delivered by GlobalProtect now have two additional options (disable
and manual) for controlling GlobalProtect agent upgrades:
o Default: the portal prompts the agent to upgrade whenever a new version is available.
o Transparent: enables automatic upgrades that do not require user interaction.
o Disable: (new) prevents agent upgrades.
o Manual: (new) allows end users to initiate agent upgrades.
HIP Profile Support for Client DLP Products—The GlobalProtect agent by default now collects vendor-specific data
about whether data loss prevention (DLP) software is installed and/or enabled on Windows hosts. DLP software is used
to prevent sensitive corporate information from leaving the corporate network or from being stored on a potentially
insecure device. Because this information is now collected from Windows host systems, you can include DLP as
matching criteria for the HIP profiles you create, thereby enabling you to use DLP compliance as criteria for your
security policies.
Transparent One-Time Password (OTP) Support—To simplify the GlobalProtect user authentication process and
make it more transparent for the end user when authenticating to the portal and the gateway, the portal now includes
settings for modifying the default authentication behavior on a per-client-configuration basis. The following
Authentication Modifier settings are now available:
o Cookie authentication for config refresh—Enables the agent to use an encrypted cookie to authenticate to
the portal when refreshing a configuration that has already been cached (the user will always be required to
authenticate to the portal for the initial configuration download and upon cookie expiration). This simplifies the
authentication process for end users because they will no longer be required to log in to both the portal and the
gateway in succession or enter multiple OTPs for authenticating to each.
o Different password for external gateway—Disables the forwarding of credentials to some or all gateways,
enabling the gateway to immediately prompt for its own set of credentials. This option accelerates the
authentication process when the portal and the gateway require different credentials (either different OTPs or
different login credentials entirely). Alternatively, you can choose to use a different password on manual gateways only.
With this option, the portal will forward credentials to automatic gateways but not to manual gateways, allowing
you to have the same security on your portals and automatic gateways while requiring a second-factor OTP or
a different password for access to those gateways that provide access to your most sensitive resources.
Certificate Authentication Enforcement—Enhancements have been made to how client certificate authentication is
enforced in various scenarios as follows:
o If a certificate profile is configured on the GlobalProtect portal, the client must present a certificate in order to
connect. This means that certificates must be pre-deployed to the end clients before their initial portal
connection.
o If the certificate profile specifies a Username Field, the certificate presented by the client must contain a
username in order to connect. Furthermore, if both an authentication profile and a certificate profile with the
Username Field are configured, the end user will be forced to use the username from the certificate to log in for
authentication against the configured authentication profile.
o For agents configured with the pre-logon connect method, if the new Cookie authentication for config refresh
setting is enabled, you no longer need to configure a certificate profile for pre-logon authentication; in this case
the portal will use the cookie to authenticate the client prior to user logon.
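The three enforcement rules above, encoded as a small decision model so the accept/reject outcome and the username the portal ends up using can be traced for each scenario. This is an added illustration, not PAN-OS code; the configuration and request field names are constructed for the example and do not correspond to PAN-OS settings or APIs.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed model of the certificate enforcement rules; field names are assumptions.
@dataclass
class PortalConfig:
    certificate_profile: bool      # a certificate profile is configured on the portal
    username_field: bool           # that certificate profile specifies a Username Field
    authentication_profile: bool   # an authentication profile is also configured
    cookie_auth_for_refresh: bool  # "Cookie authentication for config refresh" is enabled

@dataclass
class ClientRequest:
    cert_present: bool
    cert_username: Optional[str]   # username carried in the certificate, if any
    typed_username: Optional[str]  # username the user entered, if any
    pre_logon: bool                # agent uses the pre-logon connect method
    valid_cookie: bool             # unexpired cookie from an earlier authenticated download

def portal_decision(cfg: PortalConfig, req: ClientRequest):
    """Return (accepted, reason, username the portal authenticates with)."""
    if cfg.certificate_profile:
        # Rule 1: a configured certificate profile makes the client certificate mandatory,
        # so it must already be on the endpoint before the first portal connection.
        if not req.cert_present:
            return False, "certificate profile configured but no client certificate", None
        if cfg.username_field:
            # Rule 2: the certificate must carry a username in the Username Field ...
            if not req.cert_username:
                return False, "certificate has no username in the Username Field", None
            # ... and that username is the one used for login, whatever the user typed.
            return True, "username taken from certificate", req.cert_username
        return True, "certificate accepted", req.typed_username
    if req.pre_logon and cfg.cookie_auth_for_refresh and req.valid_cookie:
        # Rule 3: no certificate profile is needed for pre-logon when the cookie
        # setting is on; the cookie authenticates the client before user logon.
        return True, "pre-logon authenticated by cookie", None
    if cfg.authentication_profile and req.typed_username:
        return True, "authentication profile", req.typed_username
    return False, "no usable authentication method", None
```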
GlobalProtect Mobile Security Manager and the GP-100 Appliance—Provides management, visibility, and
automated configuration deployment for iOS- and Android-based mobile devices—either company provisioned or
employee owned. With Mobile Security Manager you can create user- and/or HIP-based deployment policies that allow
you to push application configurations (such as email and VPN configurations) to your employees’ mobile devices.
The Mobile Security Manager requires the devices it manages to check in regularly so that it can verify the device is in
compliance, push new configuration to a device if its status changes (for example, if the Mobile Security Manager
determines that an app with malware is installed), or push an updated policy to the device. Additional device
management actions you can execute include locking the device, sounding an alarm to help locate the device, or even
wiping a device that has been compromised. GlobalProtect gateways can retrieve HIP report information for the devices
managed by the Mobile Security Manager and use the information to enforce security policies for devices that connect
to your network. The Mobile Security Manager runs on the GP-100 appliance. For more information, please review the
GlobalProtect datasheet.