Secure Mobile Access 100 10.2 Administration Guide

Introduction
Using Virtual Office
- Virtual Office Configuration
  - Virtual Office
    Virtual Office Overview
    Using the Virtual Office
  - SMA Connect Agent
    Supported Operating Systems
    Downloading and Installation
    Setting up the SMA Connect Agent
    Proxy Configuration
    Logs
    Browser Warning
    End Point Control (EPC)
    PDA (Personal Device Authorization)
    SonicWall Application
SonicWall Support
- About This Document

Adding a Policy

To add a policy, navigate to the Services > Policies screen within the Secure Mobile Access management interface and select Add Policy....

To add a service policy

Use the Policy Owner drop-down menu to select whether the policy is owned as a Global Policy, a Local Domain group policy, or a policy assigned to an individual User.
In the Apply Policy To drop-down menu, select whether the policy is applied to an individual host, a range of network addresses, all addresses, a network object, a server path, or a URL object. You can also select an all IPv6 addresses, an IPv6 address and an IPv6 Network. The Add Policy dialog box changes depending on what type of object you select in the Apply Policy To drop-down menu.

Complete the appropriate step that follows depending on your selection in the Apply Policy To menu.

Apply Policy To:	Action with Associated Field	Description
IP Address	Policy Name	Create a friendly name for the policy
	IP Address	If your policy applies to a specific host, enter the IP address of the local host machine in the IP Address field.
	Protocol	Select the desired Protocol. The available value options in the Protocol field include TCP, UDP, ICMP, and ALL. You can select multiple items among TCP, UDP, and ICMP. However, when ALL is selected, all other options are deselected.
	Port Range/Port Number	Optionally enter a port range (for example, 123 -456) or a single port number (for example, 443) into the Port Range/Port Number field.

IP Network	IP Network Address	If your policy applies to a range of addresses, enter the beginning IP address in the IP Network Address field.
	Subnet Mask	The subnet mask that defines the IP address range in the Subnet Mask field.

All Addresses	IP Address Range	If your policy applies to all IP addresses, you do not need to enter any IP address information.

Network Object	Network Object	If your policy applies to a predefined network object, select the name of the object from the Network Object drop-down menu.

Server Path	Resource	If your policy applies to a server path, select one of the following from the Resource drop-down menu: Share (Server path) – When you select this option, type the path into the Server Path field. Network (Domain list) Servers (Computer list)
	Server Path	Type the path into the Server Path field

URL Object	URL	If your policy applies to a predefined URL object, type the URL into the URL field.

All IPv6 Addresses	IPv6 Address Range	If your policy applies to all IPv6 addresses, you do not need to enter any IP address information.

IPv6 Address	IPv6 Address	If your policy applies to a specific host, enter the IPv6 address of the local host machine in the IPv6 Address field

IPv6 Network	IPv6 Network Address	If your policy applies to a range of addresses, enter the beginning IPv6 address in the IPv6 Network field.
	IPv6 Prefix	The prefix that defines the IPv6 address range in the IPv6 Prefix field.

Select the service type in the Service drop-down menu. If you are applying a policy to a network object, the service type is defined in the network object.
Select ALLOW or DENY from the Status drop-down menu to either allow or deny SMA connections for the specified service and host machine.
Click Accept to update the configuration. After the configuration has been updated, the new policy is displayed in the Services > Policies window.

SonicWall Inc. recommends that administrators set up a Global Deny ALL policy that allows access to only trusted hosts. This prevents outbound requests to malicious hosts from Secure Mobile Access.

To create a Global Deny ALL policy

From the Services > Policy page, click Add Policy.
For Policy Owner, select Global Policy from the drop-down menu.
For Apply Policy To, select All Addresses from the drop-down menu.
For Policy Name, create a friendly name for this policy, such as “Deny ALL.”
Select the desired Protocol. The available value options in the Protocol field include TCP, UDP, ICMP, and ALL. You can select multiple items among TCP, UDP, and ICMP. However, when ALL is selected, all other options are deselected.

The protocol setting only appears when the Service is set to NetExtender & Mobile Connect or All Services.
The IP Address Range automatically defaults to All IP Addresses.
For Service, select All Services from the drop-down menu.
For Status, select Deny from the drop-down menu.

< Prev Section

Next Section >

Secure Mobile Access 100 10.2 Administration Guide

Table of Contents

Adding a Policy