Configuring Ivanti Policy Secure with Nozomi Networks

Network security devices are configured with Ivanti Policy Secure for admission access control. The high-level configuration steps needed to set up and run the integration are:

  • The administrator configures the basic Ivanti Policy Secure settings, such as creating an authentication server, authentication realm, user roles, and role mapping rules.

  • Configure Nozomi Networks SCADAguardian as a client in Ivanti Policy Secure.

  • Configure Ivanti Policy Secure details in SCADAguardian.

  • Configure Ivanti Policy Secure to block/quarantine the endpoint based on the SCADAguardian admission control template.

Admission Control Template

The admission control template provides the list of possible events that can be received from the network security device, along with the regular expression used to parse each message. The template also provides the possible actions that can be taken for an event.

Ivanti Policy Secure is loaded with default templates for SCADAguardian (nozomi-scadaguardian-cef.itmpl).

You can view the configured integration templates, which list the network security devices and the supported protocol type, using Endpoint Policy > Admission Control > Templates.

To view the admission control templates:

  1. Select Endpoint Policy > Admission Control > Templates.


    The administrator can also create templates and upload them to Ivanti Policy Secure.

Admission Control Policies

The admission control policies define the list of actions to be performed on Ivanti Policy Secure for the user sessions. The actions are based on the event and the severity information received from the network security device.

To view and add the new integration policy:

  1. Select Endpoint Policy > Admission Control > Policies.

  2. Click New Policy.

  3. Enter the policy name.

  4. Select Nozomi Networks-SCADAguardian-Syslog-CEF as a template.

  5. Under Rule on Receiving, select the event type and severity score. Refer to Event Types supported by Nozomi Networks for more information on supported event types. The event types and the severity score are based on the selected template.

  6. Under then perform this action, select the desired action.

    • Ignore (log the event)—Received syslog event details are logged on Ivanti Policy Secure and no specific action is taken.

    • Terminate user session—Terminates the user session on Ivanti Policy Secure for the received messages.

    • Block the endpoint from authenticating to the network—Blocks the endpoint from authenticating to the network.

    • Put the endpoint into a quarantine network by assigning this role—Choose the role that places the endpoint in quarantine. Specify whether to apply the role assignment permanently or only for the session.

    Admission Control Policy action is not taken for endpoints behind Network Address Translation (NAT).

  7. Under Roles, specify:

    • Policy applies to ALL roles—To apply the policy to all users.

    • Policy applies to SELECTED roles—To apply this policy only to users who are mapped to roles in the Selected roles list. You must add roles to this list from the Available roles list.

    • Policy applies to all roles OTHER THAN those selected below—To apply this policy to all users except for those who map to the roles in the Selected roles list. You must add roles to this list from the Available roles list.

  8. Click Save changes.

Once the policy is created, you can see the summary page, which shows the different policies created for different events with different user roles.
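
To make the template and policy sections above concrete, the following added Python example (not Ivanti or Nozomi code, and not the contents of the shipped template) parses CEF syslog lines with regular expressions and picks a policy action from the event name, severity score, and user role. The policy rows, session table, session lookup by the `src` field, first-match rule order, action labels, and sample messages are all constructed assumptions.

```python
import re

# CEF: "CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension"
FIELD = r"((?:\\.|[^|\\])*)"  # one header field; "\|" is an escaped pipe
CEF_RE = re.compile(r"CEF:(\d+)\|" + r"\|".join([FIELD] * 6) + r"\|(.*)$")
# Extension key=value pairs; a value ends at the next " key=" or at end of line.
EXT_RE = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")

def parse_cef(line):
    """Return the fields of one CEF syslog line, or None if it does not parse."""
    m = CEF_RE.search(line)
    if not m or not m.group(7).isdigit():
        return None
    event = {"name": m.group(6).replace("\\|", "|"), "severity": int(m.group(7))}
    event.update(EXT_RE.findall(m.group(8)))
    return event

# Constructed policy rows: (event-name pattern, minimum severity, roles or None = ALL, action)
POLICIES = [
    (r"unauthorized", 8, None, "block-endpoint"),
    (r".", 5, {"Contractor"}, "quarantine"),
]
# Constructed session table keyed by endpoint IP (lookup by "src" is an assumption).
SESSIONS = {
    "10.0.5.23": {"role": "Engineer", "behind_nat": False},
    "10.0.5.40": {"role": "Contractor", "behind_nat": False},
    "10.0.5.77": {"role": "Engineer", "behind_nat": True},
}

def decide(line):
    """Return the action for one syslog line; anything unmatched is only logged."""
    event = parse_cef(line)
    session = SESSIONS.get(event.get("src")) if event else None
    if session is None or session["behind_nat"]:  # no action for endpoints behind NAT
        return "ignore-and-log"
    for pattern, min_sev, roles, action in POLICIES:
        if (re.search(pattern, event["name"], re.I) and event["severity"] >= min_sev
                and (roles is None or session["role"] in roles)):
            return action
    return "ignore-and-log"

# Constructed sample messages (not captured from a real SCADAguardian).
HDR = "<134>Jan 12 10:00:01 guardian CEF:0|Nozomi Networks|SCADAguardian|1.0|"
SAMPLES = [
    HDR + "EX-1|Unauthorized write \\| PLC|9|src=10.0.5.23 dst=10.0.9.4 msg=new node seen",
    HDR + "EX-2|New protocol on link|6|src=10.0.5.40 dst=10.0.9.4",
    HDR + "EX-1|Unauthorized write \\| PLC|9|src=10.0.5.77 dst=10.0.9.4",
    "<134>Jan 12 10:00:02 guardian plain syslog text, not CEF",
]
```

Calling `decide` on each entry of `SAMPLES` shows a blocked endpoint, a role-specific quarantine, an endpoint behind NAT that is left alone, and a non-CEF line that is only logged.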

Admission Control Client

The admission control clients are the network security devices on which the syslog forwarding is enabled. The messages are received by the syslog server module running on Ivanti Policy Secure.

To add a client:

  1. Select Endpoint Policy > Admission Control > Clients.

  2. Click New Client.

  3. Enter the name of the client.

  4. Enter the description.

  5. Enter the IP address of the Nozomi client.

  6. Select the Protocol Type as Syslog.

  7. Select the Vendor as Nozomi Networks.

  8. Select Device Type as SCADAguardian.

  9. Click Save Changes.