You can configure session and authentication policies to be enforced only during certain times as a method to enable or disable access for the users. For example, you can force the users only to login successfully between 8:00 AM and 5:00 PM by using a date and time expression in an authentication policy. You can use the same expression to allow only certain access privileges in a session policy between 8:00 AM and 5:00 PM but without locking the user out completely. The following is an example of such an expression:

TIME.BETWEEN '08:00:00GMT-21:00:00GMT'

Instructions

Creating a Session Policy with a Time Expression

To create a session policy with a time expression, complete the following procedure:

1. Expand the Access Gateway node.

2. Expand the Policy node.

3. Expand the Session Policy node.

4. Create a session policy or open an existing one.

5. Type the required date and time expression in the policy, as shown in the following screen shot. Ensure that you change the time according to the required time zone. The time zone in the policy should always be GMT.

   

6. Click OK.

7. Click Close.

8. Bind the session policy to a local user, a user group, or an Access Gateway Enterprise Edition Virtual server (vServer).

If the session policy bound to the user does not evaluate to true, such as because of a limit to what time of day the user is allowed to login, then the user the session policy bound to the Access Gateway Enterprise Edition VServer is applied to the user. If there is no session policy bound to the Access Gateway Enterprise Edition vServer, then the user gets access to the resources defined within the global Access Gateway Enterprise Edition settings.

When you limit the user who fails the time check, you should add most of the restrictions in the session policy or profile to which the user is assigned to. For example, if you use the global settings to catch the users failing the time check, then you should configure the global settings to allow only clientless VPN to one webpage. The webpage could be written to describe the conditions that cause the demotion of the access, such as the times of day when logins are allowed.

Creating an Authentication Policy with a Time Expression

To create an authentication policy with a time expression, complete the following procedure:

1. Expand the Access Gateway node.

2. Expand the Policy node.

3. Expand the Authentication Policy node.

4. Create an authentication policy or open an existing one.

5. Type the required date and time expression in the policy, as shown in the following screen shot. Ensure that you change the time according to the required time zone. The time zone in the policy should always be GMT.

   

Note: You cannot bind an authentication policy to a user or group. Therefore, an authentication policy that uses a time expression affects all users log in to the Access Gateway Enterprise Edition vServer. If you use the date and time expression in an authentication policy, then you can select the time within which the users can log in to the known working hours.