Access Policies Concepts; Access Policy Hierarchy - Dell SMA 200 Administration Manual


clicking the Logout icon at the right of the user row. The Active User Session table includes the following
information:
Table 37. Active User Information

| Column | Description |
|---|---|
| Name | A text string that indicates the ID of the user. |
| Group | The group to which the user belongs. |
| Portal | The name of the portal that the user is logged into. |
| IP Address | The IP address of the workstation which the user is logged into. |
| Location | The geographical location of the source IP for each user. |
| Login Time | The time when the user first established connection with the SMA/SRA appliance expressed as day, date, and time (HH:MM:SS). |
| Logged In | The amount of time since the user first established a connection with the SMA/SRA appliance expressed as number of days and time (HH:MM:SS). |
| Idle Time | The amount of time the user has been in an inactive or idle state with the SMA/SRA appliance. |
| Logout | Displays an icon that enables the administrator to log the user out of the appliance. |

Access Policies Concepts

The Secure Mobile Access web-based management interface provides granular control of access to the SMA/SRA
appliance. Access policies provide different levels of access to the various network resources that are accessible
using the SMA/SRA appliance. There are three levels of access policies: global, groups, and users. You can block
and permit access by creating access policies for an IP address, an IP address range, all addresses, or a network
object.

Access Policy Hierarchy

An administrator can define user, group, and global policies for predefined network objects, IP addresses, address
ranges, or all IP addresses, and for different Secure Mobile Access services. Certain policies take precedence.
The Secure Mobile Access policy hierarchy is:
- User policies take precedence over group policies
- Group policies take precedence over global policies
- If two or more user, group or global policies are configured, the most specific policy takes precedence
For example, a policy configured for a single IP address takes precedence over a policy configured for a range of
addresses. A policy that applies to a range of IP addresses takes precedence over a policy applied to all IP
addresses. If two or more IP address ranges are configured, then the smallest address range takes precedence.
Host names are treated the same as individual IP addresses.
Network objects are prioritized just like other address ranges. However, the prioritization is based on the
individual address or address range, not the entire network object.
For example:
- Policy 1: A Deny rule has been configured to block all services to the IP address range 10.0.0.0 - 10.0.0.255
- Policy 2: A Deny rule has been configured to block FTP access to 10.0.1.2 - 10.0.1.10
- Policy 3: A Permit rule has been configured to allow FTP access to the predefined network object, FTP Servers. The FTP Servers network object includes the following addresses: 10.0.0.5 - 10.0.0.20 and ftp.company.com, which resolves to 10.0.1.3.
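
The precedence rules above, written as a small resolver and run against Policy 1 to Policy 3 (an added example, not code from the guide or the appliance); it shows that a broad Deny does not block an address covered by a narrower member of a Permit's network object. It assumes the three policies are global, that specificity is compared within a level, and that ties go to the first configured policy; the names `Policy`, `match_size` and `decide` are illustrative.

```python
import ipaddress
from dataclasses import dataclass

LEVEL_RANK = {"user": 0, "group": 1, "global": 2}  # lower rank wins

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

@dataclass
class Policy:
    name: str
    level: str      # "user", "group" or "global"
    action: str     # "permit" or "deny"
    service: str    # a service name, or "all"
    targets: list   # (first, last) address pairs; a network object adds one pair per member

def match_size(policy, dest):
    """Size of the smallest target in `policy` that contains `dest`, or None."""
    d = to_int(dest)
    sizes = [to_int(hi) - to_int(lo) + 1
             for lo, hi in policy.targets if to_int(lo) <= d <= to_int(hi)]
    return min(sizes) if sizes else None

def decide(policies, dest, service):
    """Return (action, policy name) for the winning policy, or None if none matches."""
    candidates = []
    for p in policies:
        if p.service not in ("all", service):
            continue
        size = match_size(p, dest)
        if size is not None:
            # Level first, then specificity: a single host is a range of size 1.
            candidates.append((LEVEL_RANK[p.level], size, p))
    if not candidates:
        return None
    best = min(candidates, key=lambda c: c[:2])  # ties: first configured (assumption)
    return best[2].action, best[2].name

# The page's three policies. Their level is not stated, so "global" is assumed;
# ftp.company.com is entered pre-resolved as 10.0.1.3, as the page gives it.
POLICIES = [
    Policy("Policy 1", "global", "deny", "all", [("10.0.0.0", "10.0.0.255")]),
    Policy("Policy 2", "global", "deny", "ftp", [("10.0.1.2", "10.0.1.10")]),
    Policy("Policy 3", "global", "permit", "ftp",
           [("10.0.0.5", "10.0.0.20"), ("10.0.1.3", "10.0.1.3")]),
]

if __name__ == "__main__":
    for dest, svc in [("10.0.0.1", "ftp"), ("10.0.0.10", "ftp"),
                      ("10.0.0.10", "http"), ("10.0.1.5", "ftp"), ("10.0.1.3", "ftp")]:
        print(dest, svc, decide(POLICIES, dest, svc))
```
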
Dell SonicWALL Secure Mobile Access 8.5
Administration Guide


This manual is also suitable for:

SMA 400, SRA 1600, SRA 4600, SMA 500v
