Allowing temporary web access

The temporary web access mechanism allows a user to bypass Network protection rules in the policy, with specific applications and for a duration that you can set.

When this duration expires, new connections will be blocked once more, according to the rules in the security policy. However, applications for which connections were opened during temporary web access will not be shut down, and existing connections will not be interrupted.

Temporary web access makes it possible to manage mobile users who want to log in to their corporate network via a VPN tunnel from unsecure networks. When these workstations are outside the corporate network, the security policy that applies may prevent communications over the network. Temporary web access therefore allows them to temporarily unblock the VPN client and browser upon users’ request, so that the client can log in to the corporate network and switch to the internal security policy. Users will then be able to use their workstations normally.

Temporary access only needs to be allowed on one of the policies assigned to an agent group for this feature to be available on the agent side.

The temporary web access feature is available only in protection rule sets.

This feature is disabled by default. If there are several protection rule sets in your security policy, ensure that you enable the policy only for the set(s) in which you want to configure temporary web access, and arrange your rule sets in the right order in the policy. If you enable and allow temporary web access in a rule set near the top of the policy, this rule may overload and cancel the effect of the temporary web access configuration in the rule sets that follow.