Perform the following steps to add an access control rule for a forward connection from users to destination
resources. For information about creating an access control rule for a cross-connection (for example, for a VoIP
application), see Adding a Pair of Access Control Rules for a Cross-Connection.
- In AMC, navigate to Security Administration > Access Control.
- Click the + (New) icon. The Add Access Rule page displays.
- Type a number in the Number field to specify the rule's position in the access rule list. By default, new
rules are added to the top of the list, but you can use this box to place the rule anywhere you want. For
example, if you assign the number 3 to a new rule, the new rule will be inserted before the current rule 3
(which will become rule 4). This field is required.
To the right of the Number field is a unique identifier for the rule, which you can use for troubleshooting.
When you add or change a rule, for example, the Management Console audit log shows a record of the
change using this ID. Logging is described in detail in System Logging and Monitoring.
- In the Description field, type a descriptive comment about the rule. This step is optional, but a
description can be helpful when viewing your list of rules later; it also appears in log files, where it can be
useful for debugging. The ID is a unique identifier automatically assigned by AMC; it cannot be edited.
- Use the Action buttons to specify whether the rule will be used to Permit or Deny access, or if the rule is Disabled.
- Complete the information listed under Basic settings:
  - Click User to configure a forward connection (from a user to a resource).
  - If you deploy a network tunnel client, click Resource to create a rule controlling a reverse connection (resource to user) or a cross-connection (user to user). The network tunnel service must be configured with an IP address pool before you can use reverse connections (see Configuring IP Address Pools).
- The From field specifies the users or user groups to whom the rule applies. Click Edit to
select from a list of users and groups. If no users or groups are specified, the value for this
field is Any user.
- The To field specifies the destination resources or resource groups for the rule. Click Edit to
select from a list of resources. If no destination resources are selected, the value for this
field is Any resource. A warning appears if the destination resource contains a wildcard,
indicating a Mobile Connect incompatibility: due to client operating system limitations, Mobile Connect
cannot convert host name, URL, or domain type resources containing wildcards to an IP address and,
therefore, cannot redirect them to the appliance.
- In the End Point Control zones area, select the zones from which you will permit or deny access to the
resources. Click Edit to select from a list. The default for this field is Any zone. See Managing EPC with Zones and Device Profiles for information about configuring and using zones.
- Click Next to configure additional settings (see Specifying Advanced Access Control Rule Attributes), or
click Finish to save the current settings.
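The following is an added example, not code from AMC or its documentation. It models the rule attributes described above (Number, auto-assigned ID, Action, From, To, End Point Control zones) as a small ordered rule list in Python, so the numbering behaviour can be checked: inserting a rule at number 3 pushes the existing rule 3 down to 4, an empty From/To/zones selection means Any, Disabled rules are skipped, and a wildcard in a destination resource raises the Mobile Connect warning. Two things are assumptions, not statements from the page: rules are evaluated top-down with the first match deciding, and a connection that matches no rule is denied. The Rule, RuleList and wildcard_warnings names are invented for the example.

```python
"""Toy model of an ordered access-control rule list (added example, not AMC code).

Assumptions (not stated on the page): first-match evaluation top-down,
and deny when no rule matches.
"""
import itertools
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

_ids = itertools.count(1000)  # stand-in for the ID AMC assigns automatically


@dataclass
class Rule:
    action: str                                          # "Permit", "Deny" or "Disabled"
    users: List[str] = field(default_factory=list)       # empty => Any user
    resources: List[str] = field(default_factory=list)   # empty => Any resource
    zones: List[str] = field(default_factory=list)       # empty => Any zone
    description: str = ""                                # optional, appears in logs
    rule_id: int = field(default_factory=lambda: next(_ids))  # auto-assigned, not editable

    def matches(self, user: str, resource: str, zone: str) -> bool:
        """An empty selection matches anything, mirroring the Any user/resource/zone defaults."""
        return ((not self.users or user in self.users)
                and (not self.resources or resource in self.resources)
                and (not self.zones or zone in self.zones))


def wildcard_warnings(rule: Rule) -> List[str]:
    """Destination resources containing a wildcard: Mobile Connect cannot resolve
    host name, URL or domain resources with wildcards to an IP address."""
    return [r for r in rule.resources if "*" in r]


class RuleList:
    def __init__(self) -> None:
        self.rules: List[Rule] = []

    def add(self, rule: Rule, number: int = 1) -> int:
        """Insert at 1-based position `number`; default 1 = top of the list.
        The rule currently at that position, and every rule below it, moves down by one."""
        if number < 1 or number > len(self.rules) + 1:
            raise ValueError("Number must be between 1 and %d" % (len(self.rules) + 1))
        self.rules.insert(number - 1, rule)
        return number

    def number_of(self, rule: Rule) -> int:
        """Current position of a rule, looked up by its immutable ID."""
        for number, r in enumerate(self.rules, start=1):
            if r.rule_id == rule.rule_id:
                return number
        raise KeyError(rule.rule_id)

    def evaluate(self, user: str, resource: str, zone: str) -> Tuple[str, Optional[int]]:
        """Return (action, rule number) of the first enabled matching rule.
        Assumption: no match means the connection is denied."""
        for number, rule in enumerate(self.rules, start=1):
            if rule.action == "Disabled":
                continue  # a Disabled rule is kept in the list but never applied
            if rule.matches(user, resource, zone):
                return rule.action, number
        return "Deny", None


def demo() -> Tuple[RuleList, Rule, Rule, Rule, Rule]:
    """Constructed scenario: three rules, then a fourth inserted at number 3."""
    acl = RuleList()
    r1 = Rule("Deny", users=["contractors"], resources=["*.internal.example"],
              description="contractors may not reach internal hosts")
    r2 = Rule("Permit", users=["engineering"], resources=["git.example"],
              zones=["Trusted"], description="engineers to git from trusted devices")
    r3 = Rule("Permit", description="catch-all: Any user, Any resource, Any zone")
    acl.add(r1, 1)
    acl.add(r2, 2)
    acl.add(r3, 3)
    # New rule assigned number 3: goes in before the current rule 3, which becomes rule 4.
    r4 = Rule("Disabled", users=["engineering"], resources=["wiki.example"],
              description="temporarily disabled")
    acl.add(r4, 3)
    return acl, r1, r2, r3, r4


if __name__ == "__main__":
    acl, r1, r2, r3, r4 = demo()
    for n, r in enumerate(acl.rules, start=1):
        print(n, r.rule_id, r.action, r.description)
    print("wildcard warning for rule 1:", wildcard_warnings(r1))
    print(acl.evaluate("engineering", "git.example", "Trusted"))
    print(acl.evaluate("guest", "mail.example", "Untrusted"))
```

Running the script lists the four rules with their IDs and positions, shows that the catch-all rule created as number 3 now reports number 4, and prints the wildcard warning for the contractor rule. Because the ID is stable while the Number shifts on every insertion, the ID is what to search for in the audit log when tracing a change.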