This section defines the XML tags used to specify general NBA policy settings. For example, these tags specify which policy engines are available to the NBA and which network domains indicate to the NBA that an email may have already been processed.
Contains the policy engine tags described below and the NBA logging tags described under <logging>.
Defaults to an empty string.
Specifies a list of DNS domains. The NBA checks the ‘policy processed’ status of any emails arriving from these domains to ensure that emails passing through the NBA are not needlessly reprocessed.
When the Socket API generates a notification email, or when the Quarantine Manager releases an email from quarantine, these components write a custom header containing the domain details and ‘policy processed’ status to those emails. These domain details are then compared against the domain list defined for <enterprisednslist>.
The Enterprise MailServer DNS List field in the Policy screen of the NBA console has exactly the same effect as this policy tag.
Always set to type="stringListType".
Identifies a single DNS domain name. If required, use multiple <element> tags to identify multiple domains.
Each <element> supports a single attribute.
value
Specifies a DNS domain. For example:
<element value="unipraxis.com"/>
Defaults to an empty string (no policy engines).
Identifies the policy engines or PE hub that the NBA will use when running in active mode. Machines hosting a policy engine or PE hub are identified by their IP address and port number.
More accurately, this tag identifies machines hosting the CA DataMinder Socket API which, by definition, also host a policy engine or PE hub.
The Policy Analyzer Addresses field in the Policy screen of the NBA console has exactly the same effect as this policy tag.
This tag supports a single type attribute and one or more nested <element> tags.
Always set to type="stringListType".
Identifies a single host machine.
If multiple <element> tags are used to identify multiple machines (each hosting a policy engine), the policy engines are assigned separately to NBA processors on a round-robin basis. For example, if six host machines are specified, one policy engine is assigned to each of the six processors on the NBA. If fewer than six are specified, the policy engines are shared by the NBA processors.
Each <element> supports a single value attribute—see below.
value
Specifies the IP address and port number of a host machine. The default port is 8539. The syntax is:
value="IP_address:port"
For example:
<element value="10.0.1.96:8539"/>
<element value="10.0.1.98"/>
Defaults to an empty string (no policy engines).
Identifies the standby policy engines or standby PE hub that the NBA can use. If the active policy engines or hub become unavailable (for example, because of a system failure), the NBA switches to using the standby policy engines or hub.
The Standby Analyzer Addresses field in the Policy screen of the NBA console has exactly the same effect as this policy tag.
The tag syntax is the same as for the <analyzeservers> tag above.
Defaults to true. This tag specifies whether the NBA applies policy to incomplete data streams, or whether it disregards them.
Incomplete data streams are missing one or more data packets (or frames). The missing packets mean that the NBA is unable to fully reassemble the email or file object.
This tag supports type and value attributes:
Always set to type="booleanType".
Can be set to:
value="true"--Captures and processes incomplete streams.
value="false"--NBA disregards incomplete streams.
For example:
<capturepartialobjects type="booleanType" value="true" />
Specifies whether to record user FTP session details. When enabled, the NBA records any FTP commands run by a user during an individual FTP session. The sequence of commands and responses is combined into a single event and sent to policy engines for processing.
This provides reviewers with additional insight into any FTP transfers performed or attempted by users. For example, these ‘FTP events’ identify the logged on user and the file being transferred. When sent to policy engines, FTP events are analyzed by Data In Motion triggers.
Be aware that you cannot configure triggers to block these FTP commands because they are captured after the commands have run. This tag is provided primarily for monitoring purposes.
To use this feature, the NBA policy must include an application filter where the <protocols> tag is set to detect the FTP protocol and the <action> tag is set to analyze. These are described in the Application Filter Tags section.
Always set to type="booleanType".
Set this to true to capture FTP session commands. Set it to false if you do not want the NBA to record this information.
Identifies an HTML template that contains the notification message shown to users when a Web page, file upload or Webmail is blocked.
By default, the NBA looks for this file in the \config folder on the NBA (that is, in the same folder as nbapolicy.xml). The NBA FTP folder structure is described in "What is on the NBA?".
Always set to type="stringType".
Specifies the name of your template file.
You can set the value to include path details if, for example, you store your template in a subfolder below the \config folder.
If this tag is omitted completely from the NBA policy, the NBA defaults to use blocktemplate.html.
Specifies the title text for the notification message shown to users when a Web page, file upload or Webmail is prohibited by an NBA application filter.
Always set to type="stringType".
Specifies the title for the notification message. For example:
<prohibittitle value="Unipraxis Advisory"/>
Specifies the body text for the notification message shown to users when a Web page, file upload or Webmail is prohibited by an NBA application filter. Or it can specify an alternative URL.
Always set to type="stringType".
Specifies the body text for the notification message, for example:
<prohibitmessage value="You are not authorized to visit this Web site"/>
To include line breaks within the body text based on <br> tags, for example to divide the message into separate paragraphs, you must use &lt; and &gt; codes instead of angle brackets:
<prohibitmessage value="You are not authorized to visit this site. &lt;BR&gt;Contact HR for details."/>
Alternatively, you can redirect users to an alternative URL. Instead of an explanatory message, the tag can specify a URL; remember to include the http:// prefix. For example:
<prohibitmessage value="http://www.hr.unipraxis.com"/>
Note: There is a 1,000 character limit for NBA notification messages (including the title).
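The following Python check is an added example, not part of the CA documentation or product. It lints a policy fragment against the rules stated above: <analyzeservers> values in IP_address:port form with default port 8539, booleanType tags, raw angle brackets in <prohibitmessage>, and the 1,000 character notification limit. The <settings> wrapper name, IPv4-only addresses and counting length on decoded attribute values are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

DEFAULT_PORT, MESSAGE_LIMIT = 8539, 1000   # both values are stated on the page

# Constructed sample; the <settings> wrapper is a placeholder name.
SAMPLE = """<settings>
  <analyzeservers type="stringListType">
    <element value="10.0.1.96:8539"/>
    <element value="10.0.1.98"/>
    <element value="10.0.1.300:8539"/>
  </analyzeservers>
  <capturepartialobjects type="boolezanType" value="true"/>
  <prohibittitle type="stringType" value="Unipraxis Advisory"/>
  <prohibitmessage type="stringType" value="Not authorized.&lt;BR&gt;Contact HR."/>
</settings>"""

def parse_host(value):
    """Split 'IP_address[:port]' into (ip, port); IPv4 only (assumption)."""
    ip, _, port = value.partition(":")
    ipaddress.IPv4Address(ip)                  # ValueError on names or bad octets
    port = int(port) if port else DEFAULT_PORT
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return ip, port

def lint_policy(xml_text):
    """Return a list of problems found in the general policy settings."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:               # e.g. a raw <BR> in an attribute
        return [f"not well-formed XML: {exc}"]
    problems = []
    for el in root.iterfind(".//analyzeservers/element"):
        try:
            parse_host(el.get("value", ""))
        except ValueError as exc:
            problems.append(f"analyzeservers: bad value {el.get('value')!r} ({exc})")
    for tag in root.iter("capturepartialobjects"):
        if tag.get("type") != "booleanType" or tag.get("value") not in ("true", "false"):
            problems.append("capturepartialobjects: needs type=booleanType, value=true|false")
    # Length is counted on the decoded attribute values (assumption).
    length = sum(len(t.get("value", "")) for t in root.iter()
                 if t.tag in ("prohibittitle", "prohibitmessage"))
    if length > MESSAGE_LIMIT:
        problems.append(f"notification text is {length} characters, limit is {MESSAGE_LIMIT}")
    return problems

if __name__ == "__main__":
    print("\n".join(lint_policy(SAMPLE)))
```

Run against the constructed sample, it reports the out-of-range octet in the third <element> and the misspelled type on <capturepartialobjects>.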
Copyright © 2014 CA.
All rights reserved.