Detailed access tab

Possible operations

Some operations can also be performed by right-clicking in the grid.

Search

Enables searches by whole or partial keywords.

Add: Adds a new detailed access rule. The procedure is explained in the section Add.
Delete: Deletes the selected detailed access rule.
Move up: Places the selected rule above the rule before it in the list.
Move down: Places the selected rule below the following rule in the list.

Add

After clicking on Add, define the user or user group for which you want to create the detailed access rule.

User - Group found in the LDAP directory

Makes it possible to add the rule to a user or user group found in the firewall's LDAP directory. Select from the drop-down list the user or user group in question.

User - Group originating from another domain (directory)

Makes it possible to add the rule to a user or user group coming from another domain. For this option, enter the following information:

  • User - Group: choose whether the rule applies to a User or a Group.

  • User - Group name: type the name of the user or group in question.

  • Domain name: type the domain name in question.

Once the rule is added, it appears in the grid and the user or user group in question can be seen in the User-user group column. Added rules are disabled by default and all access is set to Block (even if it was configured differently in the Default access tab).

Detailed access grid

Status: Shows the configuration status of the detailed access rule for the user or user group. Double-click on it to change its status.

NOTE
The firewall evaluates rules in the order in which they appear on the screen, one by one from the top down. If Rule 1 applies to a user group, every user who belongs to that group receives the configuration in Rule 1, even if that user is named in a rule further down the list.

User-user group: Shows the user or user group affected by the rule.

SSL VPN Portal

Assigns to a user or user group an SSL VPN profile configured earlier in the VPN module > SSL VPN portal, User profiles tab.

If you select Block, the user or user group will not have access to any SSL VPN profiles, unlike the Allow option, which provides access to all web and application servers enabled in the user profiles. The Default option takes into account the default SSL VPN Portal profile entered in the Default access tab.

IPsec

This field makes it possible to Block users from negotiating IPsec VPN tunnels or Allow them to do so. The Default option takes into account the default IPsec policy entered in the Default access tab.

Depending on your selection, internal users and user groups will or will not be able to communicate over your private protected IP networks, thereby allowing their data to be transmitted securely.

NOTE
The IPsec privilege only applies to tunnels:
  • With pre-shared key authentication and e-mail address logins, or
  • With certificate authentication.

SSL VPN

This field makes it possible to Block users from negotiating SSL VPN tunnels or Allow them to do so. The Default option takes into account the default SSL VPN policies entered in the Default access tab.

Depending on your selection, the internal users and user groups specified will or will not be able to communicate over your private protected IP networks, thereby allowing their data to be transmitted securely.

Sponsorship method: Depending on your selection, users or user groups will or will not be able to validate sponsorship requests submitted from the captive portal. The Default option takes into account the default sponsorship policy entered in the Default access tab.

Description: Comments describing the user, user group or the rule.
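
The top-down evaluation described in the NOTE under Status means a rule for one user has no effect when it sits below a rule for a group that user belongs to. The following is an added example, not part of the original documentation or the firewall's own code: a constructed Python model of the grid that resolves a user's effective access and lists rules that can never be reached. The data layout, the function names, the Block/Allow simplification of the portal column, and the assumptions that disabled rules are skipped and that users with no matching rule get the Default access tab values are all hypothetical.

```python
# Added illustration: a constructed model of the detailed access grid,
# not the firewall's configuration format or API.
from dataclasses import dataclass, field

SERVICES = ("ssl_vpn_portal", "ipsec", "ssl_vpn", "sponsorship")

@dataclass
class Rule:
    subject: str                 # value of the User-user group column
    enabled: bool = False        # added rules are disabled by default
    access: dict = field(default_factory=dict)  # service -> Block | Allow | Default

    def __post_init__(self):
        # Added rules start with every access set to Block.
        self.access = {**dict.fromkeys(SERVICES, "Block"), **self.access}

def first_match(rules, user, groups):
    """First enabled rule naming the user or one of their groups (assumes disabled rules are skipped)."""
    for i, r in enumerate(rules):
        if r.enabled and (r.subject == user or r.subject in groups.get(user, ())):
            return i, r
    return None, None

def effective_access(rules, defaults, user, groups):
    """Resolve access top-down; 'Default' falls back to the Default access tab."""
    _, rule = first_match(rules, user, groups)
    if rule is None:  # assumption: with no matching rule, default access applies
        return dict(defaults)
    return {s: defaults[s] if rule.access[s] == "Default" else rule.access[s]
            for s in SERVICES}

def shadowed_rules(rules, groups):
    """(shadowed, winner) index pairs for enabled user rules pre-empted by an earlier rule."""
    pairs = []
    for i, r in enumerate(rules):
        if r.enabled and r.subject in groups:  # subject is a user name
            j, _ = first_match(rules, r.subject, groups)
            if j is not None and j < i:
                pairs.append((i, j))
    return pairs

# Constructed sample data: user -> groups, default access, and the grid top-down.
GROUPS = {"alice": {"vpn-users"}, "bob": {"vpn-users"}, "carol": set()}
DEFAULTS = {"ssl_vpn_portal": "Block", "ipsec": "Block", "ssl_vpn": "Allow", "sponsorship": "Block"}
RULES = [
    Rule("vpn-users", True, {"ipsec": "Allow", "ssl_vpn": "Default"}),
    Rule("alice", True, {"ipsec": "Block", "ssl_vpn": "Block"}),  # never reached
    Rule("carol", False, {"ipsec": "Allow"}),                      # still disabled
]
```

With this sample grid, alice keeps the group's IPsec access because her own Block rule sits below the group rule; moving it above the group rule with Move up is what makes it take effect.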