How to restrict access for NetExtender / Mobile Connect users based on policy for IP address?
01/23/2021
Although client routes can be added at the user level, network administrators may still want to restrict access based on services. In other cases, they may want to give access to the entire network while restricting access to a few servers in it to ensure high security.
Policies let administrators allow or deny access to resources/services based on IP address or network.
This can be achieved by two methods:
Method 1: Under Services -> Policies.
Step 1: Log in to the management interface of the SRA device.
Step 2: Navigate to Services -> Policies, then Add policy.
Method 2: Navigate to User/group -> configure -> Policies -> Add policy.
- Global policy: Applies to all users and domains.
- Group policy: Select the group/domain to which this policy applies.
- User policy: Applies to a particular user.
Apply Policy To: Select the resource for which you want to allow or deny access. For example, an IP address/Network/Server path (file shares)/URL/IPv6 address.
The example below shows adding a policy with an IP address.
Policy Name: Give a friendly name
IP Address: IP address for which you want to allow/restrict access
Port Number is optional. If it is not a custom port, always choose from the predefined service drop-down list.
Click Accept to save the changes.
The screenshot below shows a Global policy, so it is applied to all users.