Secure Mobile Access 12.4 Administration Guide

Adding Access Control Rules for a Forward Connection

Perform the following steps to add an access control rule for a forward connection from users to destination resources. For information about creating an access control rule for a cross-connection (for example, for a VoIP application), see Adding a Pair of Access Control Rules for a Cross-Connection.

To add an access control rule for a forward connection

  1. In AMC, navigate to Security Administration > Access Control.

  2. Click the + (New) icon.

    The Add Access Rule page displays.

  3. Type a number in the Number field to specify the rule’s position in the access rule list. By default, new rules are added to the top of the list, but you can use this box to place the rule anywhere you want. For example, if you assign the number 3 to a new rule, the new rule will be inserted before the current rule 3 (which will become rule 4). This field is required.

    To the right of the Number field is a unique identifier for the rule, which you can use for troubleshooting. When you add or change a rule, for example, the Management Console audit log shows a record of the change using this ID. Logging is described in detail in System Logging and Monitoring.

  4. In the Description field, type a descriptive comment about the rule. This step is optional, but a description can be helpful when viewing your list of rules later; it also appears in log files, where it can be useful for debugging. The ID is a unique identifier automatically assigned by AMC; it cannot be edited.

  5. Use the Action buttons to specify whether the rule will be used to Permit or Deny access, or if the rule is Disabled.

  6. Complete the information listed under Basic settings:

    • Click User to configure a forward connection (from a user to a resource).

    • If you deploy a network tunnel client, click Resource to create a rule controlling a reverse connection (resource to user) or a cross-connection (user to user). The network tunnel service must be configured with an IP address pool before you can use reverse connections (see Configuring IP Address Pools).

    • The From field specifies the users or user groups to whom the rule applies. Click Edit to select from a list of users and groups. If no users or groups are specified, the value for this field is Any user.
    • The To field specifies the destination resources or resource groups for the rule. Click Edit to select from a list of resources. If no destination resources are selected, the value for this field is Any resource. A warning appears if the destination resource contains a wildcard, indicating a Mobile Connect incompatibility.

    Due to client operating system limitations, Mobile Connect cannot convert host name, URL, or domain type resources containing wildcards to an IP address and, therefore, cannot redirect them to the appliance.

  7. In the End Point Control zones area, select the zones from which you will permit or deny access to the resources. Click Edit to select from a list. The default for this field is Any zone. See Managing EPC with Zones and Device Profiles for information about configuring and using zones.

  8. Click Next to configure additional settings (see Specifying Advanced Access Control Rule Attributes), or click Finish to save the current settings.
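The following is an added example, not SonicWall code, that models the rule-list behaviour described in the steps above: insertion at a given Number shifts the existing rule at that position down, the ID is assigned automatically and is not editable, empty From/To/zone selections fall back to Any user, Any resource and Any zone, and a host, URL or domain resource containing a wildcard raises the Mobile Connect incompatibility warning. The resource dictionary format and all function names are assumptions made for the example.

```python
from dataclasses import dataclass, field
import itertools

_ids = itertools.count(1)  # stands in for AMC's automatic, non-editable rule ID

@dataclass
class AccessRule:
    description: str = ""
    action: str = "Permit"          # Permit, Deny or Disabled
    from_users: tuple = ()          # users/groups; empty means "Any user"
    to_resources: tuple = ()        # dicts {"type": ..., "value": ...}; empty means "Any resource"
    zones: tuple = ()               # EPC zones; empty means "Any zone"
    rule_id: int = field(default_factory=lambda: next(_ids))

def insert_rule(rules, rule, number=None):
    """Place `rule` at 1-based position `number` (default: top of the list).
    The rule currently at that number and all rules below it move down one."""
    if number is None:
        number = 1
    if not 1 <= number <= len(rules) + 1:
        raise ValueError("Number is required and must fall within the rule list")
    rules.insert(number - 1, rule)
    return rules

# Resource types Mobile Connect cannot resolve to an IP address when they carry a wildcard.
WILDCARD_SENSITIVE_TYPES = {"host", "url", "domain"}

def mobile_connect_warnings(rule):
    """Return one warning per destination resource that would trigger the
    console's wildcard / Mobile Connect incompatibility warning."""
    return [
        f"resource {r['value']!r} ({r['type']}) contains a wildcard; Mobile Connect cannot redirect it"
        for r in rule.to_resources
        if r["type"] in WILDCARD_SENSITIVE_TYPES and "*" in r["value"]
    ]

def summarize(rule):
    """Render a rule the way the rule list shows it, substituting the Any defaults."""
    return {
        "id": rule.rule_id,
        "action": rule.action,
        "from": ", ".join(rule.from_users) or "Any user",
        "to": ", ".join(r["value"] for r in rule.to_resources) or "Any resource",
        "zones": ", ".join(rule.zones) or "Any zone",
    }
```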
