Managing IAG platform-specific endpoint policies

Applies To: Intelligent Application Gateway (IAG)

This section describes how you create, edit, and remove policies and expressions on IAG, for Windows, Mac OS, and Linux platforms.

For information about IAG endpoint policies and expressions, including where in IAG you assign policies, see Planning for IAG client endpoint policies.

Managing platform-specific policies

This section provides instructions on how you create, edit, and remove policies for Windows, Mac OS, and Linux platforms.

To create platform-specific policies

  1. In an area where you assign policies, click Manage Policies.

  2. On the Manage Policies and Expressions dialog box, under Components, select Policies, and then click Add Policy.

  3. On the Policy Editor dialog box, under Select platform-specific policies, click the button next to the platform for which you want to manage the policy. For example, to manage Windows policies, click Manage Windows Policies.

  4. On the ManagePlatformPolicies and Expressions dialog box, click Add Policy.

  5. On the Policy Editor forPlatform dialog box, on the General Policy Settings pane, take the following steps:

    1. Assign a name, and then in the Category list, verify that Policies is selected.

    2. On the tree on the left, select a group of predefined variables; the title of the right pane changes to reflect the selected group. For example, if you select the group Browser, the title of the pane changes to Browser accordingly.

    3. In the right pane, select Enable Group, and then under Product, select one or more variables for the policy that you are currently creating.

      Note

      The field Explanatory Text Added to 'Access Denied' Message is not applicable for platform-specific policies.

      You can select as many groups and variables as required in order to define the policy.

      If you need to define additional variables or to use complex Boolean expressions in order to define the policy, access the advanced policy editor.

      Note

      Once you edit a policy in the advanced policy editor, you will only be able to open it for further editing in this editor; you will not be able to revert to editing in the basic policy editor.

      To access the advanced policy editor, click Create As Script, and then go to step 6.

    4. After you select all the required groups and variables, in the platform-specific policy editor, click OK, and then on the platform-specific policy management dialog box, click Close. On the Policy Editor dialog box, click Cancel, and then on the Manage Policies and Expressions dialog box, click Close.

  6. On the Advanced Policy Editor forPlatform dialog box, assign a name, and then verify that the Policies category is selected.

  7. Define policy components by doing one or more of the following:

    • In the Components list, click a component; a component can be either an existing expression or an existing variable. The selected component appears in the box on the right.

    • In the box, use VBScript-syntax free text in order to add or edit rules and rule components, as required; you can also delete rules and rule components in the box.

    Use the AND, OR, NOT, and parentheses operators in order to create a combination of as many components as you require.

    After you define all the required policy components, in the platform-specific advanced policy editor, click OK, and then on the platform-specific policy management dialog box, click Close. On the Policy Editor dialog box, click Cancel, and then on the Manage Policies and Expressions dialog box, click Close.

To edit platform-specific policies

  1. In an area where you assign policies, click Manage Policies.

  2. On the Manage Policies and Expressions dialog box, under Components, select Policies, and then click Add Policy.

  3. On the Policy Editor dialog box, under Select platform-specific policies, click the button next to the platform for which you want to manage the policy. For example, to manage Windows policies, click Manage Windows Policies.

  4. On the Manage Platform Policies and Expressions dialog box, under Components, in the policies tree, select the policy that you want to edit, and then click Edit Policy. If the Advanced Policy Editor for Platform dialog box appears, then skip to step 6.

  5. On the Policy Editor for Platform dialog box, on the General Policy Settings pane, make the necessary changes.

    Note

    The field Explanatory Text Added to 'Access Denied' Message is not applicable for platform-specific policies.

    You can select as many groups and variables as required in order to define the policy.

    If you need to define additional variables or to use complex Boolean expressions in order to define the policy, access the advanced policy editor.

    Note

    Once you edit a policy in the advanced policy editor, you will only be able to open it for further editing in this editor; you will not be able to revert to editing in the basic policy editor.

    To access the advanced policy editor, click Create As Script, and then go to step 6.

    After you make all the necessary changes, in the platform-specific policy editor, click OK, and then on the platform-specific policy management dialog box, click Close. On the Policy Editor dialog box, click Cancel, and then on the Manage Policies and Expressions dialog box, click Close.

  6. On the Advanced Policy Editor for Platform dialog box, make the necessary changes. Edit policy components by doing one or more of the following:

    • In the Components list, click a component; a component can be either an existing expression or an existing variable. The selected component appears in the box on the right.

    • In the box, use VBScript-syntax free text in order to add or edit rules and rule components, as required; you can also delete rules and rule components in the box.

    Use the AND, OR, NOT, and parentheses operators in order to create a combination of as many components as you require.

  7. After you edit all the required policy components, in the platform-specific advanced policy editor, click OK, and then on the platform-specific policy management dialog box, click Close. On the Policy Editor dialog box, click Cancel, and then on the Manage Policies and Expressions dialog box, click Close.

To remove a platform-specific policy

  1. In an area where you assign policies, click Manage Policies.

  2. On the Manage Policies and Expressions dialog box, under Components, select Policies, and then click Add Policy.

  3. On the Policy Editor dialog box, under Select platform-specific policies, click the button next to the platform for which you want to manage the policy. For example, to manage Windows policies, click Manage Windows Policies.

  4. On the Manage Platform Policies and Expressions dialog box, under Components, in the policies tree, select the policy that you want to remove, and then click Remove.

    Note

    You can only remove user-defined policies; you cannot remove system-defined policies.

    On the Manage Platform Policies and Expressions dialog box, click Close. On the Policy Editor dialog box, click Cancel, and then on the Manage Policies and Expressions dialog box, click Close.

Managing platform-specific expressions

This section provides instructions on how you create, edit, and remove expressions for Windows, Mac OS, and Linux platforms.

To create platform-specific expressions

  1. In an area where you assign policies, click Manage Policies.

  2. On the Manage Policies and Expressions dialog box, under Components, select Expressions, and then click Add Expression.

  3. On the Expression Editor dialog box, click the button next to the platform for which you want to manage the expression. For example, to manage Windows expressions, click Manage Windows Expressions.

  4. On the Manage Platform Policies and Expressions dialog box, under Components, select the expressions tree, for example Windows Expressions, and then click Add Expression.

  5. On the Policy Editor for Platform dialog box, take the following steps:

    1. Assign a name, and then select the Expressions category.

    2. On the tree on the left, select a group of predefined variables; the title of the right pane changes in order to reflect the selected group. For example, if you select the group Browser, the title of the right pane changes to Browser accordingly.

    3. In the right pane, select Enable Group, and then under Product, select one or more variables for the expression that you are currently creating or editing.

      Note

      The field Explanatory Text Added to 'Access Denied' Message is not applicable for expressions.

      You can select as many groups and group items as required in order to define the expression.

      If you need to define additional variables or to use complex Boolean expressions in order to define the expression, access the advanced policy editor.

      Note

      Once you edit an expression in the advanced policy editor, you will only be able to open it for further editing in this editor; you will not be able to revert to editing in the policy editor.

      To access the advanced policy editor, click Create As Script, and then go to step 6.

    4. After you select all the required groups and variables, in the platform-specific policy editor, click OK, and then on the platform-specific policy management dialog box, click Close. On the Expression Editor dialog box, click Cancel, and then on the Manage Policies and Expressions dialog box, click Close.

  6. On the Advanced Policy Editor for Platform dialog box, assign a name, and then select the Expressions category.

  7. Define expression components by doing one or more of the following:

    • In the Components list, click a component; a component can be either an existing expression or an existing variable. The selected component appears in the box on the right.

    • In the box, use VBScript-syntax free text in order to add or edit rules and rule components, as required; you can also delete rules and rule components in the box.

    Use the AND, OR, NOT, and parentheses operators in order to create a combination of as many components as you require.

    After you define all the required expression components, in the platform-specific advanced policy editor, click OK, and then on the platform-specific policy management dialog box, click Close. On the Expression Editor dialog box, click Cancel, and then on the Manage Policies and Expressions dialog box, click Close.

To edit platform-specific expressions

  1. In an area where you assign policies, click Manage Policies.

  2. On the Manage Policies and Expressions dialog box, under Components, select Expressions, and then click Add Expression.

  3. On the Expression Editor dialog box, click the button next to the platform for which you want to manage the expression. For example, to manage Windows expressions, click Manage Windows Expressions.

  4. On the Manage Platform Policies and Expressions dialog box, under Components, expand the expressions tree, for example Windows Expressions, select the expression that you want to edit, and then click Edit Expression. If the Advanced Policy Editor for Platform dialog box appears, then skip to step 6.

  5. On the Policy Editor for Platform dialog box, make the necessary changes.

    Note

    The field Explanatory Text Added to 'Access Denied' Message is not applicable for expressions.

    You can select as many groups and group items as required in order to edit the expression.

    If you need to define additional variables or to use complex Boolean expressions in order to define the policy, access the advanced policy editor.

    Note

    Once you edit an expression in the advanced policy editor, you will only be able to open it for further editing in this editor; you will not be able to revert to editing in the policy editor.

    To access the advanced policy editor, click Create As Script, and then go to step 6.

    After you make all the necessary changes, in the platform-specific policy editor, click OK, and then on the platform-specific policy management dialog box, click Close. On the Expression Editor dialog box, click Cancel, and then on the Manage Policies and Expressions dialog box, click Close.

  6. On the Advanced Policy Editor for Platform dialog box, make the necessary changes.

  7. Edit expression components by doing one or more of the following:

    • In the Components list, click a component; a component can be either an existing expression or an existing variable. The selected component appears in the box on the right.

    • In the box, use VBScript-syntax free text in order to add or edit rules and rule components, as required; you can also delete rules and rule components in the box.

    Use the AND, OR, NOT, and parentheses operators in order to create a combination of as many components as you require.

  8. After you make all the necessary changes, in the platform-specific advanced policy editor, click OK, and then on the platform-specific policy management dialog box, click Close. On the Expression Editor dialog box, click Cancel, and then on the Manage Policies and Expressions dialog box, click Close.

To remove a platform-specific expression

  1. In an area where you assign policies, click Manage Policies.

  2. On the Manage Policies and Expressions dialog box, under Components, select Expressions, and then click Add Expression.

  3. On the Expression Editor dialog box, click the button next to the platform for which you want to manage the expression. For example, to manage Windows expressions, click Manage Windows Expressions.

  4. On the Manage Platform Policies and Expressions dialog box, under Components, expand the expressions tree, select the expression that you want to remove, and then click Remove.

    Note

    You can only remove user-defined expressions; you cannot remove system-defined expressions.

    On the Manage Platform Policies and Expressions dialog box, click Close. On the Expression Editor dialog box, click Cancel, and then on the Manage Policies and Expressions dialog box, click Close.