Adding Access Control Rules for a Reverse Connection
Perform the following steps to add an access control rule for a reverse connection from a destination resource
to users. Examples of reverse connections include IBM’s Tivoli provisioning products and Microsoft’s Systems
Management Server (SMS). For more information, see Requirements for Reverse and Cross-Connections.
To add an access control rule for a reverse connection
In the AMC, navigate to Security Administration > Access Control.
Click the + (New) icon.
The Add Access Rule page displays.
- In the Number field, type a number to specify the rule’s position in the access rule list. By default, new
rules are added to the top of the list, but you can use this box to place the rule anywhere you want. For
example, if you have four rules and you assign the number 3 to a new one, it is inserted before the
current rule 3 (which will become rule 4). This field is required.
- In the Description field, type a descriptive comment about the rule. This step is optional, but a
description can be helpful when viewing your list of rules later, and also appears in log files where it is
useful in debugging. The ID is a unique identifier automatically assigned by AMC; it cannot be edited.
- Use the Action buttons to specify whether the rule will be used to Permit or Deny access, or if the rule is Disabled.
Complete the information listed under Basic settings:
Select the Resource button to create a rule controlling a reverse connection from a resource to a
user. The User and Resource buttons toggle between forward-connection and reverse-connection
Reverse connections are available only when IP address pools are configured for the network
tunnel clients. If you attempt to create a reverse connection with no IP address pools configured,
AMC displays an error message. For more information, see Access Control Rules for Bi-Directional Connections.
The From field specifies the resources that will connect to users. Click Edit to select from a list of resources. If no resources are specified, the default value for this field is Any resource.
The To field specifies the users to which the resource will connect. Click Edit to select from a list. If no users are selected, the default value for this field is Any user.
Click Next to display the Advanced page.
In the Access methods area, select Any to automatically manage access to all resources in the rule
regardless of the access method making the request. This ensures that either the Connect Tunnel client
or the OnDemand Tunnel agent, which is required for reverse connections, is managed by the rule. The
other access methods do not support reverse connections and will be bypassed.