Users Guide
Figure 280: Add Enforcement Policy (Rules Tab)
Field Description
Add/Edit Rule Bring up the rules editor to add/edit a rule.
Move Up/Down Reorder the rules in the enforcement policy.
Remove Rule Remove a rule.
Table 160:
Add Enforcement Policy (Rules tab)
Field Description
Conditions/Enforcement
Profiles
Select conditions for this rule. For each condition, select a matching action (Enforcement
Profile).
NOTE: A condition in an Enforcement Policy rule can contain attributes from the following
namespaces: Tips:Role, Tips:Posture, and Date.
NOTE: The value field for the Tips:Role attribute can be a role defined in Policy Manager,
or a role fetched from the authorization source. (Refer to see how Enable as Role can be
turned on for a fetched attribute). Role names fetched from the authorization source can be
entered freeform in value field.
To block access to WorkSpace and Workspace apps if the device is not MDM managed,
choose Application:ClearPass in the Type field and select Device-MDM-Managed and set
value to False.
To commit the rule, click Save.
Enforcement Profiles If the rule conditions match, attributes from the selected enforcement profiles are sent to
Network Access Device. If a rule matches and there are multiple enforcement profiles, the
enforcement profile disambiguation rules apply. Refer to "Configuring Enforcement
Profiles " on page 250 for a list of the default profiles.
Table 161:
Add Enforcement Policy (Rules Editor)
Dell Networking W-ClearPass Policy Manager 6.3 | User Guide Enforcement | 283