Secure Mobile Access 12.4 Administration Guide

Adding Access Control Rules for a Reverse Connection

Perform the following steps to add an access control rule for a reverse connection from a destination resource to users. Products that use reverse connections include IBM’s Tivoli provisioning products and Microsoft’s Systems Management Server (SMS). For more information, see Requirements for Reverse and Cross-Connections.

To add an access control rule for a reverse connection

  1. In the AMC, navigate to Security Administration > Access Control.

  2. Click the + (New) icon.

    The Add Access Rule page displays.

  3. In the Number field, type a number to specify the rule’s position in the access rule list. By default, new rules are added to the top of the list, but you can use this field to place the rule anywhere you want. For example, if you have four rules and you assign the number 3 to a new one, it is inserted before the current rule 3 (which will become rule 4). This field is required.
  4. In the Description field, type a descriptive comment about the rule. This step is optional, but a description can be helpful when viewing your list of rules later, and also appears in log files where it is useful in debugging. The ID is a unique identifier automatically assigned by AMC; it cannot be edited.
  5. Use the Action buttons to specify whether the rule will be used to Permit or Deny access, or if the rule is Disabled.
  6. Complete the information listed under Basic settings:

    • Select the Resource button to create a rule controlling a reverse connection from a resource to a user. The User and Resource buttons toggle between forward-connection and reverse-connection rules.

      Reverse connections are available only when IP address pools are configured for the network tunnel clients. If you attempt to create a reverse connection with no IP address pools configured, AMC displays an error message. For more information, see Access Control Rules for Bi-Directional Connections.

    • The From field specifies the resources that will connect to users. Click Edit to select from a list of resources. If no resources are specified, the default value for this field is Any resource.

    • The To field specifies the users to which the resource will connect. Click Edit to select from a list. If no users are selected, the default value for this field is Any user.

  7. Click Next to display the Advanced page.

  8. In the Access methods area, select Any to automatically manage access to all resources in the rule regardless of the access method making the request. This ensures that the rule manages the Connect Tunnel client or the OnDemand Tunnel agent, one of which is required for reverse connections. The other access methods do not support reverse connections and will be bypassed.

  9. Click Save.
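
The numbering, default-value and IP address pool behavior from the steps above, modeled as an added example (this is not AMC code and not part of the original guide). The `Rule` class, `add_reverse_rule`, the rejection of out-of-range numbers and the review findings for rules left at Any resource / Any user are assumptions made for illustration.

```python
from dataclasses import dataclass

ANY_RESOURCE, ANY_USER = "Any resource", "Any user"   # defaults from step 6

@dataclass(frozen=True)
class Rule:                      # hypothetical model, not an AMC data format
    description: str
    action: str = "Permit"       # "Permit", "Deny" or "Disabled" (step 5)
    sources: tuple = ()          # From field; empty means the default applies
    targets: tuple = ()          # To field; empty means the default applies

def effective_scope(rule):
    """Return the (From, To) values a reverse rule ends up with after defaults."""
    return (rule.sources or (ANY_RESOURCE,), rule.targets or (ANY_USER,))

def add_reverse_rule(rules, rule, number=1, ip_pools_configured=True):
    """Insert a reverse-connection rule at 1-based position `number`.

    Returns (new_rule_list, findings); raises ValueError when the rule
    cannot be created. New rules go to the top unless a number is given.
    """
    if not ip_pools_configured:
        # The guide states AMC shows an error when no pools are configured.
        raise ValueError("reverse connections need IP address pools for tunnel clients")
    if rule.action not in ("Permit", "Deny", "Disabled"):
        raise ValueError(f"unknown action {rule.action!r}")
    if not 1 <= number <= len(rules) + 1:   # assumption: out-of-range is rejected
        raise ValueError("rule number out of range")
    src, dst = effective_scope(rule)
    findings = []                           # reviewer checks added for this example
    if rule.action == "Permit":
        if src == (ANY_RESOURCE,):
            findings.append("From left at default: Any resource may connect")
        if dst == (ANY_USER,):
            findings.append("To left at default: Any user is reachable")
    # Inserting at N pushes the current rule N, and every rule after it, down by one.
    return rules[:number - 1] + [rule] + rules[number - 1:], findings

if __name__ == "__main__":
    # Constructed sample data: four existing rules and one new reverse rule.
    existing = [Rule(f"rule {i}", sources=("srv",), targets=("ops",)) for i in range(1, 5)]
    scoped = Rule("SMS push", sources=("sms-server",), targets=("helpdesk",))
    updated, notes = add_reverse_rule(existing, scoped, number=3)
    for pos, r in enumerate(updated, start=1):
        print(pos, r.description)
    print(add_reverse_rule(existing, Rule("unscoped"))[1])
```
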
