How to restrict access for NetExtender / Mobile Connect users based on policy for IP address?

01/23/2021 23 People found this article helpful 36,324 Views

Download

Print

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

While we have the feature of adding client routes based on user level, still network administrators might want to restrict access based on services. In other case, give access to entire network and restrict access to few servers in network to ensure high security.

Policies give privilege to Administrators to allow/deny access to resources/services based on IP address/Network.

This can be achieved by two methods

Method 1: Under Services -> Policies.

Step 1: Login to the management interface of the SRA device.

Step 2: Navigate to Services->Policies, Add policy.

Method 2: Navigate to User/group->configure->Policies->Add policy.

Policy Owner:

- Global applies to all the users and domains.

-  Group Policy: We shall select which group/domain we want to apply this policy.

- User policy: Applies to a particular user.

Apply Policy To: Here we can select for which resource we would to access / deny access. For example, an IP address/Network/Server path (file shares)/URL/IPV6 address.

Below example shows adding policy with IP address.

Policy Name: Give a friendly name

IP Address: IP address for which you want to allow/restrict access

Port Number is optional. If it's not a custom port, we shall always choose from the predefined service drop down list.

Status: Allow/Deny

Click Accept to save the changes.

Below screenshot shows Global policy, so it will be applied to all users.

Related Articles

• Initial Setup Guide of SMA1000 for high security environments
• How can I get root access to SMA100
• SMB SSL-VPN: User principal name (UPN) support on SMB SSL VPN devices

Categories

• Secure Mobile Access > SMA 100 Series
• Secure Mobile Access > SMA 1000 Series