The rule registry command configures a registry-check rule, which is used to check the registry on the user terminal.
rule rule-name registry key key-name
rule rule-name registry item [ item-name ] type { reg-sz | reg-expand-sz | reg-binary | reg-dword }
rule rule-name registry value item-value [ modify ]
| Parameter | Description | Value |
|---|---|---|
| rule-name | Specifies the name of the rule. | The value is a string of 1 to 63 characters. |
| key-name | Specifies the key value of the registry item, which consists of the root key and sub-key values. | The root key value includes HKEY_CURRENT_USER, HKEY_CLASSES_ROOT, HKEY_LOCAL_MACHINE, HKEY_USERS, and HKEY_CURRENT_CONFIG. The sub-key value is a string of 1 to 127 characters. For example, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings name. |
| item-name | Specifies the name of the registry item. | The value is a string of 1 to 127 characters. If the name of the registry item is empty, it indicates that the registry item is the default item. |
| reg-sz | Indicates the type of the registry item. The value is a string of characters with a fixed length. | - |
| reg-expand-sz | Indicates the type of the registry item. The value is a string of characters with no fixed length and can contain an environment variable. | - |
| reg-binary | Indicates the type of the registry item. The value is of the binary type. | - |
| reg-dword | Indicates the type of the registry item. The value is of the double word type. | - |
| item-value | Specifies the value of the registry item. | The value is a string of 1 to 127 characters. |
| modify | Indicates that the value of the registry item is modified. When the registry on the user terminal differs from the registry configured on the FW, the registry on the user terminal is forcibly modified to match the one configured on the FW. After the value of the registry is modified, the user terminal is allowed to pass the rule check. | - |
After the rule for checking the registry is configured, the user terminal can pass the rule check only when the registry on the user terminal is identical to the configured registry.
# Configure the rule for checking the registry as rule1 to disable the IE proxy function. If the registry on the user terminal is found to be different from the registry configured on the FW during the check process, the registry is modified.
<sysname> system-view
[sysname] v-gateway abc
[sysname-abc] hostchecker
[sysname-abc-hostchecker] eps-policy policy1
[sysname-abc-hostchecker-policy1] rule rule1 type registry
[sysname-abc-hostchecker-policy1] rule rule1 registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings name
[sysname-abc-hostchecker-policy1] rule rule1 registry item ProxyEnable type reg-dword
[sysname-abc-hostchecker-policy1] rule rule1 registry value 0 modify
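
To see in advance whether a terminal would pass rule1, the same key, item, type and value can be read locally on the Windows endpoint. The following PowerShell is an added example, not part of the original page and not the FW's own check logic. The function name Test-RegistryRule, its parameters, and the reading of "identical" as same type plus same value (binary data compared as hex) are assumptions.

```powershell
# Added example: read-only check; nothing on the terminal is modified.
# Test-RegistryRule and its parameters are hypothetical names. Treating
# "identical" as same type plus same value is an assumption.
function Test-RegistryRule {
    param(
        [Parameter(Mandatory)] [string] $KeyPath,   # provider path, e.g. HKCU:\...
        [string] $ItemName = '',                    # empty name = the key's default item
        [Parameter(Mandatory)]
        [ValidateSet('String', 'ExpandString', 'Binary', 'DWord')]
        [string] $Kind,                             # reg-sz, reg-expand-sz, reg-binary, reg-dword
        [Parameter(Mandatory)] [string] $Expected
    )
    $out = [ordered]@{ Key = $KeyPath; Item = $ItemName; Actual = $null; Pass = $false; Reason = '' }

    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) {
        $out.Reason = 'key not found'
        return [pscustomobject]$out
    }
    if ($key.GetValueNames() -notcontains $ItemName) {
        $out.Reason = 'item not found'
        return [pscustomobject]$out
    }

    $actualKind = $key.GetValueKind($ItemName).ToString()
    # Read the stored data without expanding %VARIABLES% in reg-expand-sz values.
    $raw = $key.GetValue($ItemName, $null,
        [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
    $actual = switch ($actualKind) {
        'DWord'  { [string]([int64]$raw -band 4294967295) }                  # unsigned decimal
        'Binary' { ($raw | ForEach-Object { $_.ToString('X2') }) -join '' }  # hex (assumed format)
        default  { [string]$raw }
    }
    $out.Actual = $actual

    if ($actualKind -ne $Kind) {
        $out.Reason = "type is $actualKind, expected $Kind"
    } elseif ($actual -cne $Expected) {             # case-sensitive comparison
        $out.Reason = 'value differs'
    } else {
        $out.Pass = $true
    }
    [pscustomobject]$out
}

# Item, type and value follow the rule1 example on this page; ProxyEnable is
# stored under the current user's Internet Settings key.
Test-RegistryRule -KeyPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' `
    -ItemName 'ProxyEnable' -Kind DWord -Expected '0'
```

A result with Pass set to False and a Reason of "value differs" identifies a terminal whose registry the modify keyword would overwrite during the check.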