Working with hybrid service clients

If you have the Hybrid Module, the hybrid service can manage Internet requests originating from external IP addresses (locations) that you configure, and for requests from users in unrecognized locations (off-site users, for example) that log on to the hybrid service.

The hybrid service can apply policies (created in the Security Manager) to:

• Users, groups, and domains (OUs) defined in a supported, LDAP-based directory service

  This requires that Directory Agent be installed and configured (see Identification and authentication of hybrid users).

• Filtered locations, identified on the Settings > General > Filtered Locations page. A location is identified by the external IP address, IP address range, or subnet of one or more firewall or gateway machines.

The hybrid service does not apply policies to individual client machines in your network

Directory clients (users, groups, and OUs) managed by the hybrid service are identified on the Policy Management > Clients page, just like those whose requests are managed by on-premises components.

Applying a policy to a filtered location is similar to applying a policy to a computer or network client:

1. Add the location to the Settings > General > Filtered Locations page (see Filtered locations).
2. Add the IP address or range that appears on the Filtered Locations page as a computer or network client on the Policy Management > Clients page (see Working with computers and networks).
3. Apply a policy to the IP address or range.

Any time no user, group, or location policy applies, the Default policy is used.