Adding a Global Deny All Policy

This procedure creates a policy that denies access to the OWA resources to all groups, except groups configured with an explicit Permit policy.

The Secure Mobile Access default policy is Allow All. To have more granular control, we add a Deny All policy here. Later, we can add Permit policies for each group, one at a time.

1. Navigate to the Users > Local Users page.

   

2. Click Edit in the Global Policies row. The Edit Global Policies window appears.
3. In the Edit Global Policies window, click the Policies tab.

4. Click Add Policy. The Add Policy window appears.

   

5. Select IP Network from the Apply Policy To drop-down menu.
6. In the Policy Name field, type the descriptive name IP Network Deny All.
7. In the IP Network Address field, type the network address, 10.200.1.0.
8. In the Subnet Mask field, type the mask in decimal format, 255.255.255.0.
9. In the Protocol drop-down, select your protocol.
10. In the Port Range/Port Number field, enter your port number or port range.
11. In the Service drop-down menu, select All Services.
12. In the Status drop-down menu, select Allow.
13. Click Submit.

14. In the Edit Global Policies window, verify the IP Network Deny All policy settings and then click Submit.