User Access Manager Help >> Operation Guide >> User Access Policy >> Service Parameters >> System Settings >> Configure Policy Server Parameters

Configure Policy Server Parameters

This function provides configuration of policy servers .

Parameters

• Enable Policy Server / Enable IPv6 Policy Server: Enable the IPv4, IPv6, or both policy servers for UAM device-independent features and EAD security authentication. Select the Enable Policy Server option to enable the IPv4 policy server for all IPv4 access devices on IPv4 networks or IPv4/IPv6 dual-stack networks. In this case, the iNode client and proxy server use IPv4 addresses. Select the Enable IPv6 Policy Server option to enable the IPv6 policy server for all IPv6 access devices on IPv6 networks or IPv4/IPv6 dual-stack networks. In this case, the iNode client and proxy server use IPv6 addresses. You can select both options if both IPv4 and IPv6 access devices exist on your network. In this case, the iNode client and the proxy server will automatically adapt the proper IP version for communication.
• Configuration Port of Policy Server: The port that the policy server uses to listen to updates from the console. Modify this port only when the listening port of the security policy server is modified in the configuration file.
• Listening Port of Proxy Server: The port that the proxy server uses to receive security authentication requests from a user passing identity authentication. Modify this port only when the listening port of the proxy server is modified in the configuration file.
• Policy Server Log Level: Specifies the log level, which currently can be Fatal, Error, Warning, Info or Debugging, in descending order. The policy server will log all syslog messages of that level and above. Note that the Debugging level will consume a large quantity of system resources and is therefore not recommended in normal cases.
• NAT IP address:Specifies the NAT IP address for the policy server.
• NAT IPV6 address:Specifies the NAT IPv6 address for the policy server.
• Heartbeat Interval: Interval in which the heartbeats are sent.
• Heartbeat Timeouts: Specifies time of heartbeats that the proxy server waits for. Once the threshold is violated, the client is deemed as abnormal.
• Packet Compression and Encryption: Enables or disables packet compression and encryption for the communication between the policy server and iNode client. Packet compression and encryption prevents communication failures due to transmitting large packets, and improves communication security. You can enable packet compression and encryption when the system is operating normally, and disable the function during system debugging and maintenance.
• Hard Disk SN Display Mode: Select whether to display the hard disk serial number bound to a user in hexadecimal strings or ASCII strings.
• Check OS Authorization Type Consistency: Select Yes to check whether the endpoint's OS authorization type matches that configured in the system.
• Enable Facial Recognition: Select whether to enable facial recognition for iNode authentication and specify the facial recognition server IP address and port number as needed.

Precautions

• After you make proper settings and click OK, the system sends the updates to the proxy server. At the prompt of proxy server update failure, check the configuration and the proxy server.