How to restrict access for NetExtender / Mobile Connect users based on policy for IP address?

01/23/2021 23 People found this article helpful 99,158 Views

Download

Print

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

While we have the feature of adding client routes based on user level, still network administrators might want to restrict access based on services. In other case, give access to entire network and restrict access to few servers in network to ensure high security.

Policies give privilege to Administrators to allow/deny access to resources/services based on IP address/Network.

This can be achieved by two methods

Method 1: Under Services -> Policies.

Step 1: Login to the management interface of the SRA device.

Step 2: Navigate to Services->Policies, Add policy.

Method 2: Navigate to User/group->configure->Policies->Add policy.

Policy Owner:

- Global applies to all the users and domains.

-  Group Policy: We shall select which group/domain we want to apply this policy.

- User policy: Applies to a particular user.

Apply Policy To: Here we can select for which resource we would to access / deny access. For example, an IP address/Network/Server path (file shares)/URL/IPV6 address.

Below example shows adding policy with IP address.

Policy Name: Give a friendly name

IP Address: IP address for which you want to allow/restrict access

Port Number is optional. If it's not a custom port, we shall always choose from the predefined service drop down list.

Status: Allow/Deny

Click Accept to save the changes.

Below screenshot shows Global policy, so it will be applied to all users.

Related Articles

• CT with Device Guard is stuck on Identifying when GVC Client is installed
• SMA1000: CT compatibility with 3rd party VPN clients like GVC, Citrix and Fortinet
• How can I upgrade firmware in SMA 1000 series appliance?

Categories

• Secure Mobile Access > SMA 100 Series
• Secure Mobile Access > SMA 1000 Series