Secure Mobile Access 12.4 Administration Guide

Adding Access Control Rules for Application Access Control

Perform the following steps to add an access control rule to control which users or groups are allowed to access which resources using a specific application from a personal device (within the context of a specific Application Zone).

To add an access control rule for Application Access Control

  1. In the AMC, navigate to Security Administration > Access Control.

  2. Click the + (New) icon.

    The Add Access Rule page displays.

  3. In the Position field, type a number to specify the rule’s position in the access rule list. By default, new rules are added to the top of the list, but you can use this box to place the rule anywhere you want. For example, if you have four rules and you assign the number 3 to a new one, it is inserted before the current rule 3 (which will become rule 4). This field is required.
  4. In the Description field, type a descriptive comment about the rule. This step is optional, but a description can be helpful when viewing your list of rules later, and also appears in log files where it is useful in debugging. The ID is a unique identifier automatically assigned by AMC; it cannot be edited.
  5. Use the Action field to specify whether the rule will be used to Permit or Deny access. The default is Permit.
  6. In the Applies to field, select Device zones, Device and Application zones, or Application zones as the type of zone associated with the rule. The default is Device Zones.

    Access Control rules can apply to Device zones, Application zones, or both (the three Applies to options). An individual user connection belongs to a single Device zone or Application zone at any given time, but the Access Control List as a whole can contain rules written for Device zones, Application zones, or Device and Application zones.

  7. Complete the information listed under Basic settings:

    • Select the Direction to create a rule controlling a connection from a resource or a user. The User and Resource buttons toggle. The default is User.

    • The From field specifies the users or groups allowed or denied access to the related Resource list using an application on the selected Application list. Click Edit to select from a list. If no users are specified, the default value for this field is Any user.

    • The To field specifies the resources that the user or group can access using an application on the selected Application list. Click Edit to select from a list. If no resources are selected, the default value for this field is Any resource.

  8. Complete the information listed under End Point Control zones.

  9. Click the Next> button at the bottom to display the Advanced tab.

  10. In the Access method restrictions section, select Any or Selected for Client software agents, Client platforms, and Protocols to permit or deny access based on the software agent or client initializing the connection. If you choose Selected, check all desired types from the options that are displayed; see the table below.

    Option types

    Client software agents                                         Client platforms   Protocols
    Web browser (HTTP/HTTPS)                                       Windows            TCP
    Network Explorer (Web access to file system resources)         macOS              UDP
    Connect Tunnel and/or SonicWall OnDemand VPN Connection        iOS                ICMP
    (TCP/IP)                                                       Android
                                                                   Linux
                                                                   ChromeOS

  11. In the Client restrictions section either use the default of Any User’s network address or click the Edit button and select the resources that will use this rule.

  12. In the Destination restrictions section either use the default of Any port to enable access on any port or select Selected to restrict access over individual Ports or a range of ports and type the ports to allow. For example, if you are building a policy to control access to an SMTP mail server, you might allow access only over port 25 (the well-known port for SMTP traffic). A list of the latest port number assignments is available at http://www.iana.org/assignments/port-numbers.

    To specify multiple ports, separate the port numbers with a semicolon. To specify a port range, type the beginning and ending numbers separated by a hyphen.

  13. In the Permissions field, specify whether the rule will allow Read or Read/Write access to the file system resources. These access privileges work in conjunction with Windows access control rules: for a user to have a given file permission, both Windows and the appliance must allow it. If you disable file uploads, users cannot write to a file, although users with write access will still be able to move and delete files.
  14. In the Time and date restrictions section, specify when the rule will be in effect. (The time zone for the time restriction fields is your local time.) You can specify a Shift, Range, or use the default of Any to use the rule at all times.
  15. Click Finish.
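A small model of the rule semantics described in steps 3, 7 and 12, added here as an example and not SonicWall's code: the port-restriction syntax (semicolon-separated ports, hyphen ranges), position-based insertion, and an ordered Permit/Deny lookup. First-match evaluation and a Deny fallback when no rule matches are assumptions of this example, not behaviour stated by the guide.

```python
from dataclasses import dataclass, field
from typing import List, Set, Tuple

def parse_port_spec(spec: str) -> List[Tuple[int, int]]:
    """Parse the guide's port syntax: 'Any', '25', '25;80' or '8000-8100'."""
    if spec.strip().lower() == "any":
        return [(1, 65535)]
    ranges: List[Tuple[int, int]] = []
    for item in filter(None, (s.strip() for s in spec.split(";"))):
        lo, sep, hi = item.partition("-")      # 'a-b' is a range, 'a' a single port
        lo_n = int(lo)
        hi_n = int(hi) if sep else lo_n
        if not 1 <= lo_n <= hi_n <= 65535:
            raise ValueError(f"invalid port entry: {item!r}")
        ranges.append((lo_n, hi_n))
    if not ranges:
        raise ValueError("empty port specification")
    return ranges

def port_matches(spec: str, port: int) -> bool:
    return any(lo <= port <= hi for lo, hi in parse_port_spec(spec))

@dataclass
class Rule:
    action: str                                        # "Permit" or "Deny"
    users: Set[str] = field(default_factory=set)       # empty set = Any user
    resources: Set[str] = field(default_factory=set)   # empty set = Any resource
    ports: str = "Any"                                 # Destination restrictions
    protocols: Set[str] = field(default_factory=set)   # empty set = Any protocol

def insert_rule(rules: List[Rule], new: Rule, position: int) -> List[Rule]:
    """Position N places the rule before the current rule N (1-based), as in step 3."""
    idx = max(0, min(position - 1, len(rules)))
    return rules[:idx] + [new] + rules[idx:]

def evaluate(rules: List[Rule], user: str, resource: str, port: int, protocol: str) -> str:
    """First matching rule in list order wins; no match -> Deny (both assumptions)."""
    for r in rules:
        if r.users and user not in r.users:
            continue
        if r.resources and resource not in r.resources:
            continue
        if r.protocols and protocol not in r.protocols:
            continue
        if port_matches(r.ports, port):
            return r.action
    return "Deny"
```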
