NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
4-10
Setting Up User and Group Access Policies
v1.1, November 2006
The most specific policy will take precedence over less specific policies. For example, a policy
that applies to only one IP address will have priority over a policy that applies to a range of IP
addresses. If two policies apply to a single IP address, then a policy for a specific service (for
example RDP) will take precedence over a policy that applies to all services.
To define group access policies:
1.
In the Group Policies section of the Group Settings menu, click Add Policy. An Add Policy
menu displays.
2.
From the Apply Policy To pull-down menu, select whether the policy will be applied to a
predefined network resource, an individual host, a range of addresses or all addresses.
3.
In the Policy Name field, define a name for the policy.
4.
Select the appropriate policy:
Note:
User policies take precedence over all group policies and group policies take
precedence over all global policies, regardless of the policy definition (A
user
policy that allows access to all IP addresses will take precedence over a
group
policy that denies access to a single IP address).
Figure 4-8
Note:
SSL VPN Concentrator policies apply to the destination address(es) of the SSL
VPN connection, not the source address. You cannot permit or block a specific
IP address on the Internet from authenticating to the SSL VPN Concentrator
through the policy engine. That type of policy would need to be defined by a
firewall rule.