The IAG device can connect to Sangfor Cyber Command so that IAG synchronizes user information to Cyber Command and correlates with it. This correlation enables Internet access pop-up notifications and account freezing as responses.
User Information Synchronization
IAG devices can synchronize user authentication information to the Cyber Command device. The user authentication information shared among Sangfor devices includes local password authentication, external password authentication, SMS verification, single sign-on, and dkey authentication.
For the device configuration, go to Access Mgt > Authentication > Web Authentication > Single Sign-On (SSO) > Sangfor Appliance, and configure the forwarding policy and shared key under Send user credentials to other Sangfor appliances.
Then configure the Cyber Command device.
In the Cyber Command console, go to System Config > Device Management > New to add a new Internet access control device by configuring the IAG IP and shared secret key for the correlated device.
After configuration, in Asset Center > Endpoint, click User List to view the user list:
If user information is not synchronized, click Synchronize Now to synchronize manually:
Note that clicking Synchronize Now immediately synchronizes the IAG device's user information and updates it on the Cyber Command platform. However, this does not clear the original user data on Cyber Command.
Open Ports on WAN Interface
The purpose of opening these ports is to allow Device Correlation to be configured later on.
If the IAG device is deployed in routing mode, the Cyber Command device needs to open TCP port 9998 on the WAN interface.
If it is in bridge mode or bypass mode, this configuration is not needed. In either case, only TCP port 9998 needs to be allowed between IAG and Cyber Command on the network.
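The following is an added troubleshooting example, not Sangfor product code: a small Python check that confirms TCP port 9998 is reachable from the IAG side to Cyber Command and tells a "refused" result (host reached, nothing listening) apart from a "timeout" result (traffic silently dropped, typically the WAN port not opened in routing mode or a firewall between the devices). The host addresses are placeholders; the local listener is constructed for the demonstration and stands in for the Cyber Command side.

```python
import socket
import threading
import time

# Added example (not Sangfor product code). Only the port number comes from
# the documentation; hosts and the demo listener are constructed placeholders.
CORRELATION_PORT = 9998


def check_correlation_port(host, port=CORRELATION_PORT, timeout=2.0):
    """Attempt a TCP connect to host:port and classify the outcome.

    Returns a dict with:
      reachable: True only if the TCP handshake completed
      status:    "open", "refused", "timeout" or "error"
      detail:    the OS error text (empty for "open")
      rtt_ms:    time taken by the connect attempt in milliseconds
    "refused" means the packet reached the host but nothing listens on the
    port (wrong IP, or correlation not enabled on the peer); "timeout"
    usually means a firewall drops the traffic without answering.
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            status, detail, reachable = "open", "", True
    except ConnectionRefusedError as exc:
        status, detail, reachable = "refused", str(exc), False
    except socket.timeout as exc:
        status, detail, reachable = "timeout", str(exc), False
    except OSError as exc:  # e.g. "network unreachable"
        status, detail, reachable = "error", str(exc), False
    rtt_ms = round((time.monotonic() - start) * 1000, 1)
    return {"host": host, "port": port, "reachable": reachable,
            "status": status, "detail": detail, "rtt_ms": rtt_ms}


def start_demo_listener(host="127.0.0.1"):
    """Start a throwaway TCP listener on an ephemeral port (constructed for
    the example; it stands in for the Cyber Command side). Returns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def summarize(results):
    """Turn a list of check results into one status line per host."""
    lines = []
    for r in results:
        verdict = "OK" if r["reachable"] else "FAIL/" + r["status"].upper()
        lines.append(f"{r['host']}:{r['port']} {verdict} ({r['rtt_ms']} ms)")
    return lines


if __name__ == "__main__":
    demo_port = start_demo_listener()  # simulates an open correlation port
    results = [
        check_correlation_port("127.0.0.1", demo_port),
        check_correlation_port("127.0.0.1", 1, timeout=1.0),  # closed port
    ]
    print("\n".join(summarize(results)))
```

Run it from the IAG side (or any host on the IAG's network segment) with the Cyber Command address in place of the loopback demo; an "OK" line confirms the path the correlation setup will later use, while a "FAIL/TIMEOUT" line points at the WAN port or an intermediate firewall rather than at the correlation configuration itself.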
Device Correlation
Two correlation methods are supported: Auto-negotiation and Shared Secret. If both are enabled, passing either authentication method completes the correlation.
• If there are relatively few IAG devices in the environment, either correlation method can be chosen.
• If there are many IAG devices in the environment, choose auto-negotiation to reduce configuration work.
• If multiple Cyber Command devices exist in the environment, choosing a shared secret is recommended to avoid negotiation errors.
Method 1: Auto-negotiation
IAG configuration
In System > General > Device Correlation, select Enable correlation for Sangfor devices.
In System > General > Device Correlation > Correlation Options, select Auto-negotiation.
Cyber Command configuration
In the Cyber Command console, go to System Config > Device Management > New to add a new Internet access control device by configuring the IAG IP and shared secret key for the correlated device. There is no need to configure the advanced options.
The device automatically negotiates the authentication account and the secret key:
Upon configuration completion, the status of the successfully correlated Cyber Command device can be seen on the IAG device.
Likewise, the status of the correlated IAG device can be seen on the Cyber Command console.
Method 2: Shared Secret
IAG configuration
In System > General > Device Correlation, select Enable correlation for Sangfor devices.
In System > General > Device Correlation > Correlation Options, select Shared Secret.
Cyber Command configuration
In Cyber Command, go to System Config > Device Management > New to add a new Internet access control device by configuring the IAG's IP and shared secret key for the correlated device. The advanced options must be configured to match those set on the IAG device.
Upon configuration completion, the status of the successfully correlated Cyber Command device can be seen on the IAG device, and the device name is the customized one.
Likewise, the status of the correlated IAG device can be seen in the Cyber Command console.
On the Cyber Command device, click More > Response Tool Kit > Correlated Response > Correlated IAG.
Internet Access Prompting
Manual and automatic correlated prompting are supported. Manual correlated prompting includes individual and batched Internet access prompting.
Individual manual Internet access prompting
On the risky endpoint page, click a single IP address to correlate, or click More > Correlated Response > Correlated IAG to add a new device. The prompt message can use the system recommendation or be customized. The interface is shown below:
Automatic Internet access prompting
Go to More > Correlated Response > Correlated IAG to start automatic Internet access prompting. The interface is as follows:
Internet access prompting effect: the pop-up recommended by the system is used, as shown in the picture.
Account freezing
- Correlate IAG on the compromised hosts page and on the secondary page of risky endpoints, as shown in the following figure.
- Add a new correlated device by going to More > Correlated Response > Correlated IAG:
Freeze the user in the Online User List on the IAG device.