Detailed access tab
Possible operations
Some operations can also be performed by right-clicking in the grid.
Search |
Enables searches by whole or partial keywords. |
Add | Adds a new detailed access rule. The procedure is explained in the section Add. |
Delete | Deletes the selected detailed access rule. |
Move up | Places the selected rule above the rule before it in the list. |
Move down | Places the selected rule below the following rule in the list. |
Add
After clicking on Add, define the user or user group for which you want to create the detailed access rule.
User - Group found in the LDAP directory |
Makes it possible to add the rule to a user or user group found in the firewall's LDAP directory. Select from the drop-down list the user or user group in question. |
User - Group originating from another domain (directory) |
Makes it possible to add the rule to a user or user group coming from another domain. For this option, enter the following information:
|
Once the rule is added, it appears in the grid and the user or user group in question can be seen in the User-user group column. Added rules are disabled by default and all access is set to Block (even if it was configured differently in the Default access tab).
Detailed access grid
Status | Shows the configuration status of the detailed access rule for the user or user group. Double-click on it to change its status. NOTE |
User-user group | Shows the user or user group affected by the rule. |
SSL VPN Portal |
Assigns to a user or user group an SSL VPN profile configured earlier in the VPN module > SSL VPN portal, User profiles tab. If you select Block, the user or user group will not have access to any SSL VPN profiles, unlike the Allow option, which provides access to all web and application servers enabled in the user profiles. The Default option takes into account the default SSL VPN Portal profile entered in the Default access tab. |
IPsec | This field makes it possible to Block users from negotiating IPsec VPN tunnels or Allow them to do so. The Default option takes into account the default IPsec policy entered in the Default access tab. Depending on your selection, internal users and user groups will or will not be able to communicate over your private protected IP networks, thereby allowing their data to be transmitted securely. NOTE The IPsec privilege only applies to tunnels:
|
SSL VPN |
This field makes it possible to Block users from negotiating SSL VPN tunnels or Allow them to do so. The Default option takes into account the default SSL VPN policies entered in the Default access tab. Depending on your selection, the internal users and user groups specified will or will not be able to communicate over your private protected IP networks, thereby allowing their data to be transmitted securely. |
Sponsorship method | Depending on your selection, users or user groups will or will not be able to validate sponsorship requests submitted from the captive portal. The Default option takes into account the default sponsorship policy entered in the Default access tab. |
Description | Comments describing the user, user group or the rule. |