topic Re: what is the purpose of disconnected policy? in Endpoint

what is the purpose of disconnected policy?

LazarusG — Tue, 13 Feb 2024 11:24:33 GMT

I hope you can help.

We have a requirement to prevent users on non-corporate networks from copying data to network devices such as a NAS - so this is network traffic not port protection and I guess it would fall under the firewall blade(?)

I was thinking I could use the disconnected policy (not defined by default) however the definition in the harmony manual is (paraphrased) 'Disconnected state rule is enforced when an endpoint computer is not connected to the Harmony Endpoint Security Mangement server - eg you can enforce a more restrictive policy if users are working from home and are not protected by organizational resources'

However, this suggests that the endpoint doesn't have internet access if it can't reach the cloud portal(?)

Is the disconnected policy a correct use case here? If so are there any examples of how to set it up (I dont seem to be able to find any). Would I have to define all corp networks as objects in the trust zone so that anything else is by default in the internet zone object?

If I want to limit access when not connected to corp resources would network location awareness be a more appropriate feature?

Many Thanks!

Re: what is the purpose of disconnected policy?

Chris_Atkinson — Tue, 13 Feb 2024 12:05:15 GMT

Specifics aside for the moment the use case you describe is typically where the EPM is on-prem and perhaps only contactable by VPN or similar.

Location awareness is often more about determining under what conditions a VPN connection should be attempted.

Re: what is the purpose of disconnected policy?

_Val_ — Tue, 13 Feb 2024 13:39:13 GMT

I think you misunderstand the meaning of the policy. Let's see how it is defined in the admin guide:

Disconnected state rule is enforced when an endpoint computer is not connected to the Harmony Endpoint Security Management Server. For example, you can enforce a more restrictive policy if users are working from home and are not protected by organizational resources. You can define a Disconnected policy for only some of the Endpoint Security components.

Then, there is an example of how functionalities can be defined:

It is up to you how to define the FW rules in the disconnected policy, and if you believe Internet connectivity should be allowed, you can do that.

Re: what is the purpose of disconnected policy?

the_rock — Tue, 13 Feb 2024 14:05:59 GMT

Pretty much what @_Val_ said is what TAC provided us while back.

Best,

Andy

Re: what is the purpose of disconnected policy?

LazarusG — Tue, 13 Feb 2024 15:52:54 GMT

Hi thanks for the clarification around NLA - although this is for endpoint harmony cloud. How can the endpoint know its not on a corporate network if it has internet access and therefore can always reach the cloud instance? If we only want to impose restrictions when not connected to corporate resources this suggests that this would be when not connected to vpn(?)

How can I define all networks/services that are not trusted and disallow them in policy - but allow them if they are connected to a corporate environment.

Apologies If Im misunderstanding.

Re: what is the purpose of disconnected policy?

Machine_Head — Tue, 13 Feb 2024 16:02:01 GMT

client settings > general

Re: what is the purpose of disconnected policy?

LazarusG — Tue, 13 Feb 2024 16:26:14 GMT

nice! thanks!

Re: what is the purpose of disconnected policy?

LazarusG — Wed, 14 Feb 2024 09:29:42 GMT

It would still be nice to have some kind of an example offline/disconnected policy in documentation or the manual. Our customer says they had this when they had an on-prem Endpoint server, Now they have ben challenged by auditors to prove offline file copies are not allowed and nothing exists in the portal. I'm uncertain how to go about constructing it.

Re: what is the purpose of disconnected policy?

the_rock — Wed, 14 Feb 2024 12:18:29 GMT

I agree, it would be beneficial.

Andy