Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
groupsettings [2020/10/28 06:51] rafi [Access Privatise ROC-DNS] |
groupsettings [2020/12/13 07:26] (current) rafi |
||
|---|---|---|---|
| Line 60: | Line 60: | ||
| {{:: | {{:: | ||
| + | Once logged in, you will get an overview of your Privatise DNS including query logs, queries that were blocked, etc. For more information on Privatise ROC-DNS & our DNS Filtering solution with the ROC, please go to [[ROC-DNS | ROC-DNS]]. | ||
| + | ==== Edit General Group Setings ==== | ||
| + | |||
| + | Under your group, you'll have access to managing general settings for that group. | ||
| + | |||
| + | There you'll be able to: | ||
| + | |||
| + | 1. Enable PrivatiseGuard (Privatise over WireGuard on Windows). This is only available when you have a ROC provisioned and enabled, and should be used specifically for users with latency issues. Split Tunneling/ | ||
| + | |||
| + | 2. Enable Full Control. This prevents the user from having any access to the VPN. They will not be able to turn it on, off, or exit Privatise. All of their settings will be managed by the MSP from the managed user portal. | ||
| + | |||
| + | 3. Trusted Networks. Enable or disable Trusted Networks on the endpoints. Enabling will allow users to add Trusted Networks via the client app. Global Trusted Networks will continue to work with this disabled, and Full Control overrides Trusted Networks. | ||
| + | |||
| + | 4. Windows Auto Update. Enable or disable Windows auto update. | ||
| + | |||
| + | {{: | ||
| + | |||
| + | ==== ROC SD Control / Virtual Firewall ==== | ||
| + | |||
| + | ROC SD Control is available for compliance with regulations like Cyber Essentials. By default, Privatise ROCs are locked down which the exceptions of ports used for the OpenVPN, IPSec, or WireGuard protocols. Those ports require a signed certificate in order to access, and are open for a business reason and have no compliance issues. | ||
| + | |||
| + | The one port that is open to the world is 8443 for the ROC-DNS Threat Detection dashboard. You have the option of closing that port, or opening it exclusively to certain IPs. | ||
| + | |||
| + | Unless you have specific compliance regulations that require you to close 8443, we recommend leaving the virtual firewall as is. | ||
| + | |||
| + | {{:: | ||
| + | |||
| + | |||
| + | ==== GEO Settings ==== | ||
| + | |||
| + | If you have a ROC enabled, it will override GEO Settings as for security, endpoints will be forced to connect to the ROC/VLAN. For users that do not require advanced security and want to use Privatise to surf from different locations, for example for research. You can put the user or device in a group without a ROC and enable GEO Settings as seen below. | ||
| + | |||
| + | | ||
| + | |||
| + | ==== Global Trusted Networks ==== | ||
| + | |||
| + | Sometimes you might want to set up automated, global Trusted Networks for users and devices in the group. You would do this if: | ||
| + | |||
| + | 1. You want to deploy Privatise primarily on remote devices. For example a laptop that an employee brings back and forth from home to the office. Trusted Networks can turn Privatise off when in the office, and on again when back at home. | ||
| + | |||
| + | 2. Some employees travel to different client sites, and you want to disable Privatise on those sites because they need access to that internal DNS for whatever reason. | ||
| + | |||
| + | To set up Global Trusted Networks, go to " | ||
| + | |||
| + | 1. The SSID of the network you want to add. This is for your internal use so you remember what network you're adding. | ||
| + | 2. The BSSID of the network you want to add. This is the most important part, as the Privatise app will check for the BSSID of the network interface on the gateway it's connected to to see whether or not it's trusted. | ||
| + | 3. Whether WiFi or Ethernet. WiFi and Ethernet typically are on different radio devices on the router/ | ||
| + | |||
| + | {{:: | ||
| + | |||
| + | Here's how to get the BSSID of the interface card on the router/ | ||
| + | |||
| + | For WiFi: | ||
| + | Type netsh wlan show interfaces in the command line (CMD). | ||
| + | Check the WiFi that you are currently connected to, and look for the physical address. That is the BSSID . | ||
| + | Enter that BSSID along with a nickname for your SSID into the Portal. | ||
| + | | ||
| + | {{:: | ||
| + | |||
| + | For Ethernet: | ||
| + | Type arp -a into the command line (CMD). | ||
| + | Check for Internet Address/NAT of your gateway (generally a router). Next to that will be the Physical Address of the gateway. That is your BSSID. | ||
| + | Enter the BSSID along with a nickname where it says SSID into the Portal. Make sure to click " | ||
| + | | ||
| + | {{:: | ||
| + | |||
| + | ==== Custom DNS ==== | ||
| + | |||
| + | Sometimes you'll want to override the ROC-DNS with a custom DNS solution you might be using. We recommend switching to ROC-DNS, but if you're locked in a contract, here's how to override Privatise ROC-DNS with your own. | ||
| + | Go to Custom DNS under Group Settings on the right. | ||
| + | Click " | ||
| + | Add the IP of your custom DNS solution | ||
| + | | ||
| + | {{:: | ||
| + | |||
| + | ==== Allow List/ | ||
| + | |||
| + | There are some websites that try to actively block VPN connections. In general, there are three ways you can try to bypass a VPN block: | ||
| + | |||
| + | 1. Activate TCP under Settings in the app itself (currently available in Windows) | ||
| + | |||
| + | 2. Active WireGuard if you have a ROC enabled | ||
| + | |||
| + | 3. Add the website to an allow list (Recommended). | ||
| + | |||
| + | To add a website to the allow list, go to " | ||
| + | |||
| + | // | ||
| + | // | ||
| + | |||
| + | {{:: | ||