NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

4-10

Setting Up User and Group Access Policies

v1.1, November 2006

The most specific policy will take precedence over less specific policies. For example, a policy

that applies to only one IP address will have priority over a policy that applies to a range of IP

addresses. If two policies apply to a single IP address, then a policy for a specific service (for

example RDP) will take precedence over a policy that applies to all services.

To define group access policies:

1.

In the Group Policies section of the Group Settings menu, click Add Policy. An Add Policy

menu displays.

2.

From the Apply Policy To pull-down menu, select whether the policy will be applied to a

predefined network resource, an individual host, a range of addresses or all addresses.

3.

In the Policy Name field, define a name for the policy.

4.

Select the appropriate policy:

Note:

User policies take precedence over all group policies and group policies take

precedence over all global policies, regardless of the policy definition (A

user

policy that allows access to all IP addresses will take precedence over a

group

policy that denies access to a single IP address).

Figure 4-8

Note:

SSL VPN Concentrator policies apply to the destination address(es) of the SSL

VPN connection, not the source address. You cannot permit or block a specific

IP address on the Internet from authenticating to the SSL VPN Concentrator

through the policy engine. That type of policy would need to be defined by a

firewall rule.

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

Setting Up User and Group Access Policies

4-11

v1.1, November 2006

•

If your policy applies to a predefined network resource, select the name of the resource

from the Defined Resource pull-down menu. For information about creating network

resources, refer to

“Using Network Resource Objects to Simplify Policies” on page 4-20

.

•

If your policy applies to a specific host, enter the IP address of the local host machine in

the IP Address field.

•

If your policy applies to a network, enter the network address and subnet bit mask (0-32)

in the Network and Subnet Mask fields.

5.

In the

Service

pull-down menu, select the service type. If you are applying a policy to a

network resource, the service type is defined in the Defined Resource field. .

6.

From the Status pull-down menu, select PERMIT or DENY to either permit or deny SSL VPN

connections for the specified service and host machine.

7.

Click Apply to update the configuration. Once the configuration has been updated, the new

group policy appears in the table in the Edit Group Settings menu.

The group policies in the Group Policies table are ranked by the order of priority, from the

highest priority policy to the lowest priority policy.

Defining and Editing Group Bookmarks

SSL VPN Concentrator bookmarks provide a convenient way for SSL VPN users to access

computers on the local area network that they will connect to frequently. Group bookmarks will

apply to all members of the specific group. When group bookmarks are defined, all group

members will see the defined bookmarks from the SSL VPN portal. Individual users will not be

able to delete or modify group bookmarks.

To define group bookmarks:

1.

In the Group Bookmarks section of the Group Settings menu, click Add Bookmark. An Add

Bookmark menu displays.

When group bookmarks are defined, all group members will see the defined bookmarks from

the SSL VPN Portal. Individual group members will not be able to delete or modify group

bookmarks.

Note:

Network Resources are configured in Network Resources

under the Access

Administration menu on the left navigation pane.

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

4-12

Setting Up User and Group Access Policies

v1.1, November 2006

.

2.

In the Bookmark Name field, enter a descriptive name.

3.

In the Name or IP Address field, enter the domain name or the IP address of a host machine on

the LAN.

4.

From the Service pull-down menu, select the service type.

5.

If Terminal Services (RDP5) is selected, select the screen size that the bookmark will use from

the Screen Size drop-down menu.)

6.

Click Apply to update the configuration. Once the configuration has been updated, the new

group bookmark will be displayed on the Group Settings window. in the Group Bookmarks

table.

Deleting a Group

To delete a group that is the default group for an authentication domain, delete the corresponding

domain (you cannot delete the group in the Group Settings menu).

If a group is not the default group for an authentication domain, first delete all users in the group.

Then you can delete the group on the Group Settings page using the following steps.

To delete a group:

1.

Click the name of the group that you wish to remove from the Groups table. The Group

Settings menu displays.

Figure 4-9

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

Setting Up User and Group Access Policies

4-13

v1.1, November 2006

2.

In the Group Settings window, click Delete Group. The Users and Groups menu displays and

the deleted group no longer appears in the list of defined groups.

You can also delete a group by clicking its Delete

link..

Note:

A group cannot be deleted if

users

have been added to the group or if the group

is the default group created for an authentication domain.

Note:

The default group “geardomain” cannot be deleted.

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

4-14

Setting Up User and Group Access Policies

v1.1, November 2006

Users Configuration

SSL VPN Concentrator users are defined from the Users and Groups menu. Under the Access and

Administration menu in the left navigation pane, select the Users and Groups option. The Users

and Groups menu displays.

Adding a New User

To create a new user:

Figure 4-10