How to restrict access for NetExtender / Mobile Connect users based on policy for IP address?
Description
While we have the feature of adding client routes based on user level, still network administrators might want to restrict access based on services. In other case, give access to entire network and restrict access to few servers in network to ensure high security.
Policies give privilege to Administrators to allow/deny access to resources/services based on IP address/Network.
This can be achieved by two methods
Method 1: Under Services -> Policies.
Step 1: Login to the management interface of the SRA device.
Step 2: Navigate to Services->Policies, Add policy.
Method 2: Navigate to User/group->configure->Policies->Add policy.
Policy Owner:
- Global applies to all the users and domains.
- Group Policy: We shall select which group/domain we want to apply this policy.
- User policy: Applies to a particular user.
Apply Policy To: Here we can select for which resource we would to access / deny access. For example, an IP address/Network/Server path (file shares)/URL/IPV6 address.
Below example shows adding policy with IP address.
Policy Name: Give a friendly name
IP Address: IP address for which you want to allow/restrict access
Port Number is optional. If it's not a custom port, we shall always choose from the predefined service drop down list.
Status: Allow/Deny
Click Accept to save the changes.
Below screenshot shows Global policy, so it will be applied to all users.
