Dell SonicWALL Secure Mobile Access 8.5
Administration Guide
390
To enable tunnel all mode:
1 Navigate to Users > Local Groups.
2 Click the configure icon next to the group you want to configure.
3In the Edit Local Group page, select the Nx Routes tab.
4Select Enable from the Tunnel All Mode drop-down list.
5Click Accept.
Adding Group Policies
With group access policies, all traffic is allowed by default. Additional allow and deny policies could be created
by destination address or address range and by service type.
The most specific policy takes precedence over less specific policies. For example, a policy that applies to only
one IP address has priority over a policy that applies to a range of IP addresses. If there are two policies that
apply to a single IP address, then a policy for a specific service (for example RDP) takes precedence over a
policy that applies to all services.
User policies take precedence over group policies and group policies take precedence over global policies,
regardless of the policy definition. A user policy that allows access to all IP addresses takes precedence over a
group policy that denies access to a single IP address.
To define group access policies:
1 Navigate to Users > Local Groups.
2 Click the configure icon next to the group you want to configure.
3In the Edit Local Group page, select the Policies tab.
4On the Policies tab, click Add Policy. The Add Policy screen is displayed.
5 Define a name for the policy in the Policy Name field.
6In the Apply Policy To drop-down list, select whether the policy is applied to an individual host, a range
of addresses, all addresses, a network object, a server path, or a URL object. You can also select an
individual IPv6 host, a range of IPv6 addresses, or all IPv6 addresses. The Add Policy window changes
depending on what type of object you select in the Apply Policy To drop-down list.
NOTE: You can optionally tunnel-all Secure Mobile Access client traffic through the NetExtender
connection by entering 0.0.0.0 for the Destination Network and Subnet Mask/Prefix in the Add
Client Routes window.
NOTE: Within the group policy scheme, the primary group policy is always enforced over any additional
group policies.
NOTE: The Secure Mobile Access policies apply to the destination address(es) of the SMA/SRA
connection, not the source address. You cannot permit or block a specific IP address on the
Internet from authenticating to the SMA/SRA gateway through the policy engine. It is possible to
control source logins by IP address from the user's Login Policies page. For more information,
refer to Configuring Login Policies on page 380.
To Next Page
Loading...
